Add notes on security
wooorm committed Jul 22, 2019
1 parent fa8af35 commit 5f0ca4b
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions readme.md
Expand Up @@ -77,6 +77,12 @@ Takes the `'remark'` field in the frontmatter and passes it as configuration to
Just like [`remark-comment-config`][remark-comment-config], but YAML is
more visible.

## Security

Use of `remark-yaml-config` can change how Markdown is parsed or compiled.
If the Markdown is user provided, this may open you up to a
[cross-site scripting (XSS)][xss] attack.

## Related

* [`remark-comment-config`][remark-comment-config]
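
Review bot: The new Security section names the risk but stops there: after "this may open you up to a [cross-site scripting (XSS)][xss] attack" there is no sentence telling the reader what to do about it. The context line above the section says the `'remark'` frontmatter field is passed as configuration, so it is worth stating explicitly that whoever writes the Markdown controls those settings, and recommending either not using the plugin on user-provided documents or sanitizing the compiled output before it reaches a browser.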
Expand Down Expand Up @@ -149,3 +155,5 @@ abide by its terms.
[remark-comment-config]: https://github.com/remarkjs/remark-comment-config

[remark-frontmatter]: https://github.com/remarkjs/remark-frontmatter

[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting
