File tree 1 file changed +10
-0
lines changed
1 file changed +10
-0
lines changed Original file line number Diff line number Diff line change @@ -88,6 +88,12 @@ Document interface to use (default: `global.document`).
8888
8989` namespace ` to use to create [ * elements* ] [ element ] .
9090
91+ ## Security
92+
93+ Use of ` hast-util-to-dom ` can open you up to a
94+ [ cross-site scripting (XSS)] [ xss ] attack if the hast tree is unsafe.
95+ Use [ ` hast-util-santize ` ] [ sanitize ] to make the hast tree safe.
96+
9197## Related
9298
9399* [ ` hast-util-sanitize ` ] ( https://github.com/syntax-tree/hast-util-sanitize )
@@ -158,3 +164,7 @@ abide by its terms.
158164[ element ] : https://github.com/syntax-tree/hast#element
159165
160166[ tree ] : https://github.com/syntax-tree/unist#tree
167+
168+ [ xss ] : https://en.wikipedia.org/wiki/Cross-site_scripting
169+
170+ [ sanitize ] : https://github.com/syntax-tree/hast-util-sanitize
You can’t perform that action at this time.
0 commit comments