vndb/mithril-vndb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update migration, fix various minor issues

Browse source 
- Lot of people couldn't migrate to v1 and plan to reevaluate when v2 is
  released.
- It's "npm" not "NPM". It doesn't stand for anything, and it never
  has - it was initially chosen simply because it was easy to type.
  It has a lot of unofficial backronyms with "Node Package Manager"
  being one of the most common ones, but it's never officially stood
  for anything as an acronym *or* initialism.
- Fixed a few errors in the change log, like non-breaking changes being
  included in the "Breaking Changes" section and an inaccuracy in the
  summary of a particular change.
- Fixed RawGit URLs to point to GitHack, which is a lighter proxy that
  offloads caching to Cloudflare instead of also implementing it itself.
  (It also just uses nginx for all the important server logic, so it
  scales better.)
- Add a few more v0.2 references as appropriate
This commit is contained in:
Isiah Meadows 2019-07-24 05:01:20 -04:00
parent 8186818e10
commit 234b1c9302
26 changed files with 1389 additions and 935 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/trust.md
View file

@ -86,7 +86,7 @@ data.title = "' onerror='alert(1)"
data.title = "' onmouseover='alert(1)"
// An attack that does not use JavaScript
data.description = "<a href='http://evil.com/login-page-that-steals-passwords.html'>Click here to read more</a>"
data.description = "<a href='https://evil.com/login-page-that-steals-passwords.html'>Click here to read more</a>"
```
There are countless non-obvious ways of creating malicious code, so it is highly recommended that you use a [whitelist](https://en.wikipedia.org/wiki/Whitelist) of permitted HTML tags, attributes and attribute values, as opposed to a [blacklist](https://en.wikipedia.org/wiki/Blacklisting) to sanitize the user input. It's also highly recommended that you use a proper HTML parser, instead of regular expressions for sanitization, because regular expressions are extremely difficult to test for all edge cases.
@ -134,7 +134,7 @@ Here's the example snippet for the [Facebook Like button](https://developers.fac
<!-- Your like button code -->
<div class="fb-like"
data-href="http://www.your-domain.com/your-page.html"
data-href="https://www.your-domain.com/your-page.html"
data-layout="standard"
data-action="like"
data-show-faces="true">
@ -157,7 +157,7 @@ var FacebookLikeButton = {
view: function() {
return [
m("#fb-root"),
m("#fb-like[data-href=http://www.your-domain.com/your-page.html][data-layout=standard][data-action=like][data-show-faces=true]")
m("#fb-like[data-href=https://www.your-domain.com/your-page.html][data-layout=standard][data-action=like][data-show-faces=true]")
]
}
}