You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Pegdown escapes HTML in code blocks, but not in other output. If I want to protect myself against XSS, I have to escape the input for pegdown manually, this however results in code blocks being escaped twice, resulting in wrong output.
I am looking for an option to either disable escaping for code blocks - and doing escaping myself, or an option to enable HTML escaping for all elements (which I think should have been default).
The text was updated successfully, but these errors were encountered:
Pegdown escapes HTML in code blocks, but not in other output. If I want to protect myself against XSS, I have to escape the input for pegdown manually, this however results in code blocks being escaped twice, resulting in wrong output.
I am looking for an option to either disable escaping for code blocks - and doing escaping myself, or an option to enable HTML escaping for all elements (which I think should have been default).
The text was updated successfully, but these errors were encountered: