@@ -566,6 +566,13 @@ The rest is sorted alphabetically based on content after `hast-util-`
566566 C. McCormack.
567567 W3C.
568568
569+ ## Security
570+
571+ As hast represents HTML, and improper use of HTML can open you up to a
572+ [ cross-site scripting (XSS)] [ xss ] attack, improper use of hast is also unsafe.
573+ Always be careful with user input and use [ ` hast-util-santize ` ] [ sanitize ] to
574+ make the hast tree safe.
575+
569576## Contribute
570577
571578See [ ` contributing.md ` ] [ contributing ] in [ ` syntax-tree/.github ` ] [ health ] for
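Review bot: The link text on the new line 573 misspells the package name as `hast-util-santize`; it should read `hast-util-sanitize` to match the actual package and the `[sanitize]` reference definition added later in this patch (`https://github.com/syntax-tree/hast-util-sanitize`), otherwise readers copying the name will not find the package. While touching the paragraph, consider stating the concrete condition rather than "improper use": a hast tree built from untrusted (user-provided) input must be sanitized before it is serialized to HTML, which is the case the XSS link describes.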
@@ -681,6 +688,10 @@ for contributing to hast and related projects!
681688
682689[ concept-aria-reflection ] : https://w3c.github.io/aria/#idl_attr_disambiguation
683690
691+ [ xss ] : https://en.wikipedia.org/wiki/Cross-site_scripting
692+
693+ [ sanitize ] : https://github.com/syntax-tree/hast-util-sanitize
694+
684695[ term-tree ] : https://github.com/syntax-tree/unist#tree
685696
686697[ term-child ] : https://github.com/syntax-tree/unist#child