Alex Vandiver authored
HTML::Gumbo deals with ensuring that content cannot "escape" from the context that RT frames it in, by (for example) not allowing </td></tr> if the content has not opened its own table. HTML::Gumbo has an HTML::Parser-like interface, but it is not quite close enough to serve as a drop-in replacement -- and the structure of HTML::Scrubber would not make such a substitution easy. As such, pre-parse the HTML content using Gumbo, if available, as a pre-parsing step before HTML::Scrubber. This enables <table> tags and their ilk to be enabled without posing a security risk.
6c0cbbbd
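
The balancing idea the commit message describes, as an added example that is not code from this commit, RT, or HTML::Gumbo: a deliberately simplified Python stand-in for the pre-parse step that drops close tags and table-structure tags the content did not open a table for, and closes whatever it left open. The names `Balancer` and `balance` and the sample inputs are constructed for illustration; a real HTML5 parser such as Gumbo handles many more cases.

```python
from html.parser import HTMLParser

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
# Tags that are only meaningful inside a <table> the content opened itself.
TABLE_PARTS = {"caption", "col", "colgroup", "tbody", "thead", "tfoot",
               "tr", "td", "th"}

class Balancer(HTMLParser):
    """Re-serialise a fragment so it cannot close or extend the host's tags."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.stack = [], []

    def handle_starttag(self, tag, attrs):
        if tag in TABLE_PARTS and "table" not in self.stack:
            return  # table structure with no table of its own: drop
        self.out.append(self.get_starttag_text())
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.stack:
            return  # stray close tag would close the host's element: drop
        while True:  # close everything opened since the matching start tag
            opened = self.stack.pop()
            self.out.append(f"</{opened}>")
            if opened == tag:
                break

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def balance(fragment):
    parser = Balancer()
    parser.feed(fragment)
    parser.close()
    while parser.stack:  # close anything the content left open
        parser.out.append(f"</{parser.stack.pop()}>")
    return "".join(parser.out)

# Constructed sample inputs: one tries to leave the host's cell, one has its own table.
ESCAPING = 'hi</td></tr><tr><td class="x">spoofed row'
OWN_TABLE = "<table><tr><td>a &amp; b</td></tr></table></td></tr>"
```

The balanced output would then be handed to the tag and attribute allow-list (HTML::Scrubber in the commit's design), which can permit `<table>` because the fragment can no longer affect the surrounding markup.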