This is an automated email from the ASF dual-hosted git repository.

sbp pushed a commit to branch sbp
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git


The following commit(s) were added to refs/heads/sbp by this push:
     new 48078cc5 Document the use of safe Markdown to HTML rendering in cmarkgfm
48078cc5 is described below

commit 48078cc5ee82640cfbc5bdfbc3f4cf078e8d9af9
Author: Sean B. Palmer <[email protected]>
AuthorDate: Fri Feb 20 19:18:10 2026 +0000

    Document the use of safe Markdown to HTML rendering in cmarkgfm
---
 atr/docs/input-validation.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/atr/docs/input-validation.md b/atr/docs/input-validation.md
index 36b303a1..cd65a4df 100644
--- a/atr/docs/input-validation.md
+++ b/atr/docs/input-validation.md
@@ -219,6 +219,8 @@ import markupsafe
 safe_html = markupsafe.Markup("<strong>Bold</strong>")
 ```
 
+For Markdown rendering, ATR uses 
`markupsafe.Markup(cmarkgfm.github_flavored_markdown_to_html(markdown_text))`, 
which safely filters dangerous input before rendering.
+
 Never mark user-controlled data as safe without proper sanitization.
 
 ## File upload security
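Review bot: The added sentence says the call "safely filters dangerous input before rendering" without saying what is filtered or what that depends on, and it sits directly above "Never mark user-controlled data as safe without proper sanitization", so the reader needs the reason this expression counts as proper sanitization. Suggest naming the behaviour being relied on (for example, whether raw HTML and `javascript:` links in `markdown_text` are dropped from the output), stating that it holds only when `github_flavored_markdown_to_html` is called with its default options as shown, and pointing to a test that pins this behaviour so a dependency upgrade cannot silently change it. It would also help to say that `markupsafe.Markup(...)` performs no escaping of its own here, so the whole guarantee rests on the renderer's output.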

