The autoescape mechanism protects web applications from the most common cross-site scripting (XSS) vulnerabilities. To secure your application, enable autoescaping and do not switch it off in the renderer options.
var kramed = require('kramed');

/**
 * Noncompliant example: builds a kramed options object whose renderer is
 * created with HTML sanitization explicitly switched off.
 *
 * The options object is only constructed here and then discarded; this
 * snippet never hands it to kramed, so it shows the configuration pattern
 * to avoid rather than an actual render call.
 */
function doNotDisableHtmlAutoEscapeNoncompliant() {
  const rendererOptions = {
    // Noncompliant: sanitize is set to 'false'.
    sanitize: false,
  };
  const setOptions = {
    renderer: new kramed.Renderer(rendererOptions),
  };
}
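var kramed = require('kramed');

/**
 * Compliant example: builds a kramed options object whose renderer is
 * created with HTML sanitization switched on.
 *
 * The options object is only constructed here and then discarded; this
 * snippet never hands it to kramed.
 *
 * NOTE(review): confirm that options given to the Renderer constructor are
 * the ones consulted at render time. In marked, which kramed is forked from,
 * the parser assigns its own options onto the renderer, so the setting may
 * also need to be present in the top-level options.
 */
function doNotDisableHtmlAutoEscapeCompliant() {
  const setOptions = {
    renderer: new kramed.Renderer({
      // Compliant: sanitize is set to 'true' explicitly instead of being
      // left to the library default. marked has shipped with sanitize
      // defaulting to 'false' -- TODO confirm the default for the kramed
      // version in use before relying on it.
      sanitize: true,
    }),
  };
}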