From 3e8052dc2777259830a086a346c81bd807d6d244 Mon Sep 17 00:00:00 2001
From: QuietMisdreavus <grey@quietmisdreavus.net>
Date: Wed, 20 Feb 2019 10:28:39 -0600
Subject: [PATCH] don't render raw html or data/javascript URLs in crate
 readmes

---
 src/web/mod.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/web/mod.rs b/src/web/mod.rs
index 8de4021c3..2efba3bce 100644
--- a/src/web/mod.rs
+++ b/src/web/mod.rs
@@ -359,6 +359,7 @@ fn render_markdown(text: &str) -> String {
 
     let options = {
         let mut options = ComrakOptions::default();
+        options.safe = true;
         options.ext_superscript = true;
         options.ext_table = true;
         options.ext_autolink = true;