haskell/xss-sanitize
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update README, add CREDIT

Browse Source
This commit is contained in:
Greg Weber 2010-09-23 18:27:21 -07:00
parent 548aa9a8aa
commit ca3b8e7b0c
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README
View File

@ -11,4 +11,7 @@ This is not escaping! Escaping html does prevents XSS attacks. Strings should be
This function removes any tags or attributes that are not in its white-list of safe html. This may sound picky, but most html should make it through unchanged, giving us the best of both worlds- safe, displayable html.
== Integration ==
It is recommended to integrate this so that it is automatically used whenever an application receives user html data (instead of before it is displayed). See the Yesod web framework as an example.
It is recommended to integrate this so that it is automatically used whenever an application receives untrusted html data (instead of before it is displayed). See the Yesod web framework as an example.
== Credit ==
This was taken from John MacFarlane's Pandoc (with permission) but redone with a TagSoup parser and some performance enhancements.