An example:
1 Like
That’s correct, otherwise there are a million markup exploits we are open to. I think that’s a default for the onebox…
I agree with not parsing the HTML, but passing it through Sanitize.clean might make it look better. eg.
The extension integrates your Magento 2 store with the Stripe payment service.
8 Likes
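To make the suggestion above concrete, here is an added example (not onebox or Discourse code, and not the Sanitize gem the post mentions) that uses only the Ruby standard library. It strips tags from an HTML-bearing description and then escapes the result, so the description reads like the cleaned sentence above instead of showing raw markup. The module name, method names and sample strings are constructed for this example. The security-relevant point is in the ordering: tag removal is purely cosmetic and deliberately approximate, while `CGI.escapeHTML` on output is what keeps a hostile description inert even when the stripping regex misses something.

```ruby
require "cgi"

# Added example (not Discourse/onebox code): turn an HTML-bearing onebox
# description into plain, escaped text. Tag removal here is cosmetic; the
# CGI.escapeHTML step in `escaped` is what makes the output safe to render.
module DescriptionText
  # Matches complete tag-like fragments: elements, comments, PIs.
  # Approximate on purpose (constructed); an unterminated "<" is left alone
  # and handled by the escaping step instead.
  TAG_RE = /<[^>]*>/

  # Strip tags, decode entities once, collapse whitespace.
  # Decoding first avoids turning an existing "&amp;" into "&amp;amp;" later.
  def self.plain(html)
    text = html.to_s.gsub(TAG_RE, " ")
    text = CGI.unescapeHTML(text)
    text.gsub(/\s+/, " ").strip
  end

  # Escaped, length-limited form suitable for inserting into rendered HTML.
  def self.escaped(html, max_len: 200)
    t = plain(html)
    t = t[0, max_len - 1] + "…" if t.length > max_len
    CGI.escapeHTML(t)
  end
end

# Constructed sample input resembling a store extension's page description.
SAMPLE = '<p>The <b>extension</b> integrates your Magento 2 store with the' \
         "\n" '<a href="https://example.com">Stripe</a> payment service.</p>'

if __FILE__ == $PROGRAM_NAME
  puts DescriptionText.plain(SAMPLE)
  puts DescriptionText.escaped('Hello <img src=x onerror="alert(1)"')
end
```

Running the file prints the cleaned sentence for `SAMPLE`; for the unterminated tag the regex does not match, so the text survives stripping but comes out escaped (`&lt;img ... &quot;`), which is exactly why the escape step, not the stripping, carries the safety guarantee.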
Sure that’s a good idea @zogstrip – I think you touched this last, for the prior round of Hacker One fixes?
3 Likes
I’ve added HTML stripping to the description in the latest onebox. Should be deployed shortly:
https://github.com/discourse/onebox/commit/252c35dc97a5932cd689ce4a9d5fea265a2313fd
5 Likes