HTML and JS Sanitising?
scarroll32 opened this issue
Given that Typewriter is an editor where any content can be written, including markup and embedded JavaScript, is there a need to somehow sanitise or look for any embedded JS?
No, all content is escaped. Direct HTML markup is not supported, only supported markup. For example, "bold" is the format for bolded text, but it is rendered inside a <strong> element. JavaScript cannot be embedded by the user.
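
The rendering model described in the answer above (escape every piece of text, and emit only elements that map from a known format name), as an added example that is not part of the issue thread and is not Typewriter's own code. The op shape, the "italic" format and the names `FORMAT_TAGS`, `escapeHtml` and `renderOps` are assumptions made for illustration.

```javascript
// Added illustration; not Typewriter's source. The op shape
// ({ text, formats }) and all names here are assumptions.

// Allowlist: format name -> the element it renders inside.
const FORMAT_TAGS = new Map([
  ["bold", "strong"], // the mapping mentioned in the answer
  ["italic", "em"],   // assumed second format, for illustration
]);

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Every character with meaning in HTML text or attributes becomes an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// ops: [{ text: string, formats?: { [name]: true } }]
function renderOps(ops) {
  let html = "";
  for (const op of ops) {
    // User text is always escaped, so typed markup stays inert text.
    let piece = escapeHtml(op.text);
    const formats = op.formats ?? {};
    // Iterate the allowlist, not the user's keys: unknown format names
    // (e.g. "script", "onclick") can never choose a tag or an attribute.
    for (const [name, tag] of FORMAT_TAGS) {
      const own = Object.prototype.hasOwnProperty.call(formats, name);
      if (own && formats[name] === true) {
        piece = `<${tag}>${piece}</${tag}>`;
      }
    }
    html += piece;
  }
  return html;
}

// Constructed sample input: typed markup plus unsupported format names.
const sample = [
  { text: "Hello " },
  { text: "world", formats: { bold: true } },
  { text: " <script>x</script>", formats: { script: true, onclick: "x" } },
];
console.log(renderOps(sample));
```

Because the tag names come only from the allowlist and the text only passes through `escapeHtml`, no user-controlled string ever reaches the output as markup.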