From ac39623d667999cfae1444b46508a9a423b0df1b Mon Sep 17 00:00:00 2001 From: John MacFarlane Date: Mon, 13 Jul 2015 09:21:35 -0700 Subject: Added `CMARK_OPT_SAFE` option and `--safe` command-line flag. * Added `CMARK_OPT_SAFE`. This option disables rendering of raw HTML and potentially dangerous links. * Added `--safe` option in command-line program. * Updated `cmark.3` man page. * Added `scan_dangerous_url` to scanners. * In HTML, suppress rendering of raw HTML and potentially dangerous links if `CMARK_OPT_SAFE`. Dangerous URLs are those that begin with `javascript:`, `vbscript:`, `file:`, or `data:` (except for `image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types). * Added `api_test` for `OPT_CMARK_SAFE`. * Rewrote `README.md` on security. --- README.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index c0ca22d..5cfbb10 100644 --- a/README.md +++ b/README.md @@ -139,11 +139,16 @@ Usage Instructions for the use of the command line program and library can be found in the man pages in the `man` subdirectory. -**A note on security:** -This library does not attempt to sanitize link attributes or -raw HTML. If you use it in applications that accept -untrusted user input, you must run the output through an HTML -sanitizer to protect against +Security +-------- + +By default, the library will pass through raw HTML and potentially +dangerous links (`javascript:`, `vbscript:`, `data:`, `file:`). + +It is recommended that users either disable this potentially unsafe +feature by using the option `CMARK_OPT_SAFE` (or `--safe` with the +command-line program), or run the output through an HTML sanitizer +to protect against [XSS attacks](http://en.wikipedia.org/wiki/Cross-site_scripting). Contributing -- cgit v1.2.3
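Review bot: in the `@@ -139,11 +139,16 @@` hunk, the new Security section lists the dangerous links as `javascript:`, `vbscript:`, `data:`, `file:`, which does not match the behaviour described in the commit message, where `data:` URLs with `image/png`, `image/gif`, `image/jpeg` or `image/webp` MIME types are exempt; a reader of the README would conclude that every `data:` link is suppressed under `CMARK_OPT_SAFE`, and an integrator relying on that for an image-upload surface would be misled. Suggest stating the exception in the README itself, e.g. `dangerous links (javascript:, vbscript:, file:, and data: other than the image types image/png, image/gif, image/jpeg and image/webp)`. The section also never says what the option does with the affected content; the commit message only says rendering is "suppressed", so a sentence describing what ends up in the output in place of the raw HTML or the dangerous link would let users decide whether they still need the HTML sanitizer the next sentence offers as an alternative. Minor style point: the XSS link could use `https://en.wikipedia.org/wiki/Cross-site_scripting` rather than `http://`.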