path: root/man/man1/
author: fiddlosopher <fiddlosopher@788f1e2b-df1e-0410-8736-df70ead52e1b> 2008-03-22 20:41:56 +0000
committer: fiddlosopher <fiddlosopher@788f1e2b-df1e-0410-8736-df70ead52e1b> 2008-03-22 20:41:56 +0000
commit: 8624ed9bd3c38c1907070a3b7de244fd487976c4 (patch)
tree: a1bfab4317a80976768c31d65b7b3abf873192a9 /man/man1/
parent: 4988441f3c44d8b80712aec8eb3359a3a584e669 (diff)
The '--sanitize-html' option now examines URIs in markdown links
and images, and in HTML href and src attributes. If the URI scheme
is not on a whitelist of safe schemes, it is rejected. The main point
is to prevent cross-site scripting attacks using 'javascript:' URIs.
See and Resolves Issue #62.

git-svn-id: 788f1e2b-df1e-0410-8736-df70ead52e1b
Diffstat (limited to 'man/man1/')
1 files changed, 2 insertions, 1 deletions
diff --git a/man/man1/ b/man/man1/
index 5bf734d5a..e3ca8e591 100644
--- a/man/man1/
+++ b/man/man1/
@@ -128,7 +128,8 @@ to Pandoc. Or use `html2markdown`(1), a wrapper around `pandoc`.
: Sanitizes HTML (in markdown or HTML input) using a whitelist.
Unsafe tags are replaced by HTML comments; unsafe attributes
- are omitted.
+ are omitted. URIs in links and images are also checked against a
+ whitelist of URI schemes.
\--toc, \--table-of-contents
: Include an automatically generated table of contents (HTML, markdown,
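Review bot: The added sentence in the `--sanitize-html` entry says URIs are "checked against a whitelist of URI schemes" but never says what happens when the check fails, while the two sentences before it each state the outcome (unsafe tags become HTML comments, unsafe attributes are omitted). The commit message says such a URI "is rejected"; the man page should say what the user will actually see in the output for a rejected link or image. The new text also names only "links and images", whereas the commit message says HTML href and src attributes are examined too, so the wording should cover both. Consider listing the allowed schemes here or pointing to where they are defined, so a user can tell in advance whether a scheme they rely on survives sanitization.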