standardization: "sanitize"

2025-01-14 06:43:25 +08:00 · 2022-10-07 21:17:30 -04:00 · 2022-10-07 21:17:30 -04:00 · a1757ba217
commit a1757ba217
parent 5390c409d0
1 changed files with 1 additions and 1 deletions
--- a/packages/mermaid/src/docs/README.md
+++ b/packages/mermaid/src/docs/README.md
@ -279,7 +279,7 @@ Detailed information about how to contribute can be found in the [contribution g

 ## Security and safe diagrams

-For public sites, it can be precarious to retrieve text from users on the internet, storing that content for presentation in a browser at a later stage. The reason is that the user content can contain embedded malicious scripts that will run when the data is presented. For Mermaid this is a risk, specially as mermaid diagrams contain many characters that are used in html which makes the standard sanitation unusable as it also breaks the diagrams. We still make an effort to sanitise the incoming code and keep refining the process but it is hard to guarantee that there are no loop holes.
+For public sites, it can be precarious to retrieve text from users on the internet, storing that content for presentation in a browser at a later stage. The reason is that the user content can contain embedded malicious scripts that will run when the data is presented. For Mermaid this is a risk, specially as mermaid diagrams contain many characters that are used in html which makes the standard sanitation unusable as it also breaks the diagrams. We still make an effort to sanitize the incoming code and keep refining the process but it is hard to guarantee that there are no loop holes.

 As an extra level of security for sites with external users we are happy to introduce a new security level in which the diagram is rendered in a sandboxed iframe preventing JavaScript in the code from being executed. This is a great step forward for better security.