Skip to content

Commit

Permalink
Add explicit suggestion to configure security-related options
Browse files Browse the repository at this point in the history
  • Loading branch information
colinodell authored Sep 14, 2024
1 parent 8a0cc70 commit 36979b3
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,8 @@ The included `demo` directory contains an HTML->Markdown conversion form to try

### Conversion options

By default, HTML To Markdown preserves HTML tags without Markdown equivalents, like `<span>` and `<div>`.
> [!WARNING]
> By default, this library preserves HTML tags without Markdown equivalents, like `<span>`, `<div>`, `<iframe>`, `<script>`, etc. If you will be parsing untrusted input from users, **please consider setting the `strip_tags` and/or `remove_nodes` options** documented below, and also using a library (like [HTML Purifier](https://github.com/ezyang/htmlpurifier)) to provide additional HTML filtering.
To strip HTML tags that don't have a Markdown equivalent while preserving the content inside them, set `strip_tags` to true, like this:

Expand Down

0 comments on commit 36979b3

Please sign in to comment.