Issue #2 resolved

security: rst converter javascript URLs

Thomas Waldmann
repo owner created an issue

the rst converter happily creates javascript: links, which is unsecure (XSS, etc.)

Example markup:

NotMe <javascript:alert(1)>_

TODO: use a list of "supported/secure protocols", see also the ongoing fix of moin/1.9.