Shiba icon indicating copy to clipboard operation
Shiba copied to clipboard
verified publisher icon rhysd

Add support for html tags

Open 00sapo opened this issue 6 years ago • 1 comments

It would be useful if Shiba could support standard html tags, such as iframes. It would allow to include a lot of contents (e.g. YouTube, etc...)

00sapo avatar Feb 13 '19 12:02 00sapo

I'm sorry for catching this issue late.

Due to security reason, HTML tags are sanitized. Some HTML tags such as <img>, <cite>, <kbd>, ... (listed here). This is the same as GitHub.

https://github.com/rhysd/marked-sanitizer-github

Without this sanitization, loading malicious markdown documentation causes arbitrary code execution (reported at #42).

rhysd avatar Feb 25 '19 09:02 rhysd