[Issue 17391] SECURITY: XSS through DDOC comments
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Wed May 10 14:10:03 PDT 2017
https://issues.dlang.org/show_bug.cgi?id=17391
Vladimir Panteleev <thecybershadow at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |thecybershadow at gmail.com
--- Comment #1 from Vladimir Panteleev <thecybershadow at gmail.com> ---
Hmm... DDoc allows embedding HTML "by design", so this is not a bug.
It might be an issue for websites which display documentation of third-party
packages though.
Perhaps it would make sense to forbid certain HTML tags in .d files (i.e.
inline documentation comments and the "Macros" section), while still allowing
them in macro definitions in .ddoc files.
--
More information about the Digitalmars-d-bugs
mailing list