Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
github_flavored_markdown: Do not filter out data URI scheme images.
See discussion of potential security implications at microcosm-cc/bluemonday#5. The conclusion is that it should be okay, unless there are bugs in client (browsers) code that would open new attack vectors. In the interest of science and moving tech forward, I will stop filtering these out. If you're dealing with untrusted user generated input and feel paranoid, you may want to apply a stricter sanitization policy that applies to your specific scenario on top.
- Loading branch information