[Issue 17391] SECURITY: XSS through DDOC comments

via Digitalmars-d-bugs digitalmars-d-bugs at puremagic.com
Wed May 10 14:20:22 PDT 2017


https://issues.dlang.org/show_bug.cgi?id=17391

--- Comment #2 from Cédric Picard <cpicard at openmailbox.org> ---
I was not aware that it is so by design. However if it is a design decision I
believe the security consequences should be made very explicit and clear in
DDOC's documentation so that people avoid distributing third-party projects'
documentation or do it very carefuly.

Limiting the use to some tags would help the usability issue but not the
security one.

--


More information about the Digitalmars-d-bugs mailing list