From ca3b8e7b0c0e4aafc92338da3104070b478456b0 Mon Sep 17 00:00:00 2001 From: Greg Weber Date: Thu, 23 Sep 2010 18:27:21 -0700 Subject: [PATCH] update README, add CREDIT --- README | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README b/README index 3a4068d..e614fd3 100644 --- a/README +++ b/README @@ -11,4 +11,7 @@ This is not escaping! Escaping html does prevents XSS attacks. Strings should be This function removes any tags or attributes that are not in its white-list of safe html. This may sound picky, but most html should make it through unchanged, giving us the best of both worlds- safe, displayable html. == Integration == -It is recommended to integrate this so that it is automatically used whenever an application receives user html data (instead of before it is displayed). See the Yesod web framework as an example. +It is recommended to integrate this so that it is automatically used whenever an application receives untrusted html data (instead of before it is displayed). See the Yesod web framework as an example. + +== Credit == +This was taken from John MacFarlane's Pandoc (with permission) but redone with a TagSoup parser and some performance enhancements.
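Review bot: In the Integration paragraph, the new wording "untrusted html data" is left undefined, and the sentence recommends sanitizing on receipt "(instead of before it is displayed)" without saying what a reader should do about HTML that enters the application by a path that skips the receive-time hook. Suggest adding one sentence that says what counts as untrusted (any HTML the application did not author itself, not only form input) and that the sanitized result is what should be stored. In the new Credit section, consider naming the Pandoc module the code was taken from and its license, so the "(with permission)" statement can be checked by someone reading only the README. The subject line says "add CREDIT", but the diffstat shows a single file changed and the credit is a section inside README, so "add Credit section" would match the diff. The unchanged context line "Escaping html does prevents XSS attacks" has a grammar slip that could be fixed while this file is being touched.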