[Issue 17391] SECURITY: XSS through DDOC comments

via Digitalmars-d-bugs digitalmars-d-bugs at puremagic.com
Wed May 10 14:10:03 PDT 2017


https://issues.dlang.org/show_bug.cgi?id=17391

Vladimir Panteleev <thecybershadow at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |thecybershadow at gmail.com

--- Comment #1 from Vladimir Panteleev <thecybershadow at gmail.com> ---
Hmm... DDoc allows embedding HTML "by design", so this is not a bug. 

It might be an issue for websites which display documentation of third-party
packages though.

Perhaps it would make sense to forbid certain HTML tags in .d files (i.e.
inline documentation comments and the "Macros" section), while still allowing
them in macro definitions in .ddoc files.

--
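One way a site that renders third-party package documentation could apply the restriction suggested in Comment #1 before publishing, as an added example that is not part of the original message or of the D toolchain: a Python check that scans DDoc comments in `.d` source (inline text and "Macros" sections alike) for raw HTML. The tag list, the extra event-handler check, the function name and the sample source are assumptions made for illustration.

```python
import re

# Assumption: illustrative list; the comment only says "certain HTML tags".
FORBIDDEN_TAGS = {"script", "iframe", "object", "embed", "style", "link", "meta", "form"}

# DDoc comment forms in D source: /// line, /** ... */ and /++ ... +/ blocks.
# Simplification: a regex scan, so nesting of /+ +/ is not tracked and
# comment-like text inside string literals is scanned too (over-reporting).
DDOC_COMMENT = re.compile(r"///[^\n]*|/\*\*.*?\*/|/\+\+.*?\+/", re.DOTALL)
# Opening tags only; a closing ">" is not required for a match.
OPEN_TAG = re.compile(r"<([A-Za-z][A-Za-z0-9-]*)([^<>]*)")
EVENT_ATTR = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)


def find_forbidden_html(source, forbidden=FORBIDDEN_TAGS):
    """Return (line, reason) findings for raw HTML inside DDoc comments."""
    findings = []
    for comment in DDOC_COMMENT.finditer(source):
        for tag in OPEN_TAG.finditer(comment.group()):
            name, attrs = tag.group(1).lower(), tag.group(2)
            offset = comment.start() + tag.start()
            line = source.count("\n", 0, offset) + 1
            if name in forbidden:
                findings.append((line, f"forbidden tag <{name}>"))
            if EVENT_ATTR.search(attrs):  # allowed tag carrying a script hook
                findings.append((line, f"event-handler attribute on <{name}>"))
    return findings


# Constructed sample D source, not taken from any real package.
SAMPLE = '''\
module demo;

/// Adds two numbers. Returns $(B a + b) when a < b.
int add(int a, int b) { return a + b; }

/**
 * Helper type.
 * <script src="https://example.invalid/x.js"></script>
 * Macros:
 *   LOGO = <img src="logo.png" onload="track()">
 */
struct Helper {}

// plain comment, not DDoc: <script> is never rendered
/++ Safe <b>bold</b> text. +/
void f() {}
'''

if __name__ == "__main__":
    for line, reason in find_forbidden_html(SAMPLE):
        print(f"demo.d:{line}: {reason}")
```

A source-level scan like this does not see HTML produced by macros defined in `.ddoc` files, which the comment proposes to keep allowing.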

