Markdown and XSS

前端未结

关注

 5  1708

萌比男神i 2020-12-31 10:20

Ok, so I have been reading about markdown here on SO and elsewhere and the steps between user-input and the db are usually given as

convert markdown to html

5条回答

忘掉有多难 (楼主)

2020-12-31 10:49

insert into database
convert markdown to html
sanitize html (w/whitelist)

perl

use Text::Markdown ();
use HTML::StripScripts::Parser ();

my $hss = HTML::StripScripts::Parser->new(
   {
       Context         => 'Document',
       AllowSrc        => 0,
       AllowHref       => 1,
       AllowRelURL     => 1,
       AllowMailto     => 1,
       EscapeFiltered  => 1,
   },
   strict_comment => 1,
   strict_names   => 1,
);

$hss->filter_html(Text::Markdown::markdown(shift))

0 讨论(0)

查看其它5个回答