1 file changed, +12 -0 lines changed

@@ -58,6 +58,14 @@ specify one.
5858
5959[ ` Element ` ] [ element ] .
6060
61+ ## Security
62+
63+ Improper use of the ` selector ` or ` defaultTagName ` can open you up to a
64+ [ cross-site scripting (XSS)] [ xss ] attack as the value of ` tagName ` , when
65+ resolving to ` script ` , injects a ` script ` element into the syntax tree.
66+
67+ Do not use user input in ` selector ` or use [ ` hast-util-santize ` ] [ sanitize ] .
68+
6169## Contribute
6270
6371See [ ` contributing.md ` in ` syntax-tree/.github ` ] [ contributing ] for ways to get
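Review bot: the last added line of this hunk misspells the package name: the link text reads `hast-util-santize` while the reference label it points to is `sanitize` and the project is `hast-util-sanitize`; it should read [`hast-util-sanitize`][sanitize]. The same sentence also reads as two disconnected alternatives ("Do not use user input in `selector` or use …") and drops `defaultTagName`, which the paragraph above names as equally risky; suggest "Do not use user input in `selector` or `defaultTagName`; if you must, run the resulting tree through [`hast-util-sanitize`][sanitize]." so both options are covered and the mitigation is stated as the fallback.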
@@ -117,3 +125,7 @@ abide by its terms.
117125[ node ] : https://github.com/syntax-tree/hast#nodes
118126
119127[ element ] : https://github.com/syntax-tree/hast#element
128+
129+ [ xss ] : https://en.wikipedia.org/wiki/Cross-site_scripting
130+
131+ [ sanitize ] : https://github.com/syntax-tree/hast-util-sanitize