Add explicit suggestion to configure security-related options

thephpleague · Sep 14, 2024 · 36979b3 · 36979b3
1 parent 8a0cc70
commit 36979b3
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -61,7 +61,8 @@ The included `demo` directory contains an HTML->Markdown conversion form to try
 
 ### Conversion options
 
-By default, HTML To Markdown preserves HTML tags without Markdown equivalents, like `<span>` and `<div>`.
+> [!WARNING]  
+> By default, this library preserves HTML tags without Markdown equivalents, like `<span>`, `<div>`, `<iframe>`, `<script>`, etc. If you will be parsing untrusted input from users, **please consider setting the `strip_tags` and/or `remove_nodes` options** documented below, and also using a library (like [HTML Purifier](https://github.com/ezyang/htmlpurifier)) to provide additional HTML filtering.
 
 To strip HTML tags that don't have a Markdown equivalent while preserving the content inside them, set `strip_tags` to true, like this: