cmark

My personal build of CMark ✏️

Commit
2794a0c7b39d33fa09a8467a9fba87c35fec6d76
Parent
4d9875ad71fbc67bcda1cc18c10c384606b44e31
Author
John MacFarlane <fiddlosopher@gmail.com>
Date

README: Added note on protecting vs XSS attacks.

Closes #61.

Diffstat

1 file changed, 7 insertions, 1 deletion

Status File Name N° Changes Insertions Deletions
Modified README.md 8 7 1
diff --git a/README.md b/README.md
@@ -30,7 +30,13 @@ will start this.)
 
 [Try it now!](http://jgm.github.io/stmd/js/)
 
-[The spec] contains over 400 embedded examples which serve as conformance
+Note that neither implementation attempts to sanitize link attributes or
+raw HTML.  If you use these libraries in applications that accept
+untrusted user input, you must run the output through an HTML
+sanitizer to protect against
+[XSS attacks](http://en.wikipedia.org/wiki/Cross-site_scripting).
+
+[The spec] contains over 450 embedded examples which serve as conformance
 tests.  To run the tests for `stmd`, do `make test`.  To run them for
 another Markdown program, say `myprog`, do `make test PROG=myprog`.  To
 run the tests for `stmd.js`, do `make testjs`.
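Review bot: The added paragraph says the output must go through an HTML sanitizer but gives the reader nothing to act on beyond a Wikipedia link; since it already names the two unsanitized paths (link attributes and raw HTML), consider stating that both are passed through to the rendered output unchanged, and that sanitizing has to happen on the generated HTML rather than on the Markdown source, so integrators know where the filter belongs. The link to the XSS article uses plain `http://`; an `https://` URL would be preferable in a security note. Separately, the change from "over 400" to "over 450" embedded examples in the same hunk is unrelated to the XSS note and is not mentioned in the commit message; it would be cleaner as its own commit or at least noted in the message.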