view mod_xhtmlim/README.markdown @ 5796:93d6e9026c1b

mod_http_oauth2: Do not enforce PKCE on Device and OOB flows PKCE does not appear to be used with the Device flow. I have found no mention of any interaction between those standards. Since no data is delivered via redirects in these cases, PKCE may not serve any purpose. This is mostly a problem because we reuse the authorization code to implement the Device and OOB flows.
author Kim Alvefur <zash@zash.se>
date Fri, 15 Dec 2023 12:10:07 +0100
parents 1f68287138e3
children
line wrap: on
line source

Introduction
============

This module attempts to sanitize XHTML-IM messages.

It does **not** attempt to sanitize any CSS embedded in `style`
attributes, these are instead stripped by default.

Configuration
=============

  Option                   Type      Default
  ------------------------ --------- ---------
  `strip_xhtml_style`      boolean   `true`
  `bounce_invalid_xhtml`   boolean   `false`