@ -63,6 +63,18 @@ process (like loading and showing the user a webpage) with the complex logic in
Readability. Improvements to its logic (while not deteriorating its performance) are very
welcome.
## Security
If you're going to use Readability with untrusted input (whether in HTML or DOM form), we
**strongly** recommend you use a sanitizer library like
[DOMPurify](https://github.com/cure53/DOMPurify) to avoid script injection when you use
the output of Readability. We would also recommend using
[CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) to add further defense-in-depth
restrictions to what you allow the resulting content to do. The Firefox integration of
reader mode uses both of these techniques itself. Sanitizing unsafe content out of the input
is explicitly not something we aim to do as part of Readability itself - there are other
good sanitizer libraries out there, use them!
## Contributing
[![Build Status](https://travis-ci.org/mozilla/readability.svg?branch=master)](https://travis-ci.org/mozilla/readability)
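
Review bot: the new "## Security" section does not say at which point the sanitizer is meant to run. Its first sentence recommends DOMPurify "to avoid script injection when you use the output of Readability", while the later sentence talks about "Sanitizing unsafe content out of the input", so a reader cannot tell whether to sanitize before parsing, after parsing, or both. Suggest stating it explicitly, for example that the sanitizer is applied to what Readability returns before that content is inserted into a page, and whether sanitizing the input first is also expected. The CSP sentence says only "further defense-in-depth restrictions"; one sentence on what kind of restriction is meant for the rendered content would make the recommendation actionable.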