ef1f1eee9d
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Remove data: from allowedSchemesByTag for img tags and add transformTags filters for both <a> and <img> elements that strip data: URI schemes (including mixed-case and whitespace-padded variants). This prevents XSS/CSRF attacks via embedded data URIs in markdown content. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>