search for: cadorn

...onfigurable with whitelists** of tags, attributes per tag, and URL schemes per attribute. By default it should be configured with a fairly strict filter, blocking even inline images and iframes with off-host URIs, and of course any possible vector for JS. This will annoy people like cadorn, for whom such filtering is unnecessary, and they need to have an easy way to turn off the whitelists (if not the HTML parsing entirely). But I think that is better than someone doing a `git pull` on markdown-js and getting privacy and XSS problems added to their application. That i...