File tree 1 file changed +10
-0
lines changed 1 file changed +10
-0
lines changed Original file line number Diff line number Diff line change @@ -73,6 +73,12 @@ This works in a similar way to the [`parse5`][hast-util-from-parse5] version
7373except that it works directly from the DOM rather than a string of HTML.
7474Consequently, it does not maintain [ positional info] [ positional-information ] .
7575
76+ ## Security
77+
78+ Use of ` hast-util-from-dom ` can open you up to a
79+ [ cross-site scripting (XSS)] [ xss ] attack if the DOM is unsafe.
80+ Use [ ` hast-util-santize ` ] [ sanitize ] to make the hast tree safe.
81+
7682## Related
7783
7884* [ ` hast-util-from-parse5 ` ] [ hast-util-from-parse5 ]
@@ -147,3 +153,7 @@ abide by its terms.
147153[ hast ] : https://github.com/syntax-tree/hast
148154
149155[ hast-util-from-parse5 ] : https://github.com/syntax-tree/hast-util-from-parse5
156+
157+ [ xss ] : https://en.wikipedia.org/wiki/Cross-site_scripting
158+
159+ [ sanitize ] : https://github.com/syntax-tree/hast-util-sanitize
You can’t perform that action at this time.
0 commit comments