Skip to content

v7.5.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 18 Aug 16:24
v7.5.0
3a04b9e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Minor Changes

  • 62a16f3: Allow modifying HTML attribute sanitization when options.sanitizer is passed by the composer.

    By default a lightweight URL sanitizer function is provided to avoid common attack vectors that might be placed into the href of an anchor tag, for example. The sanitizer receives the input, the HTML tag being targeted, and the attribute name. The original function is available as a library export called sanitizer.

    This can be overridden and replaced with a custom sanitizer if desired via options.sanitizer:

    // sanitizer in this situation would receive:
// ('javascript:alert("foo")', 'a', 'href')

<Markdown options={{ sanitizer: (value, tag, attribute) => value }}>
  {`[foo](javascript:alert("foo"))`}
</Markdown>

// or

compiler('[foo](javascript:alert("foo"))', {
  sanitizer: (value, tag, attribute) => value,
})

Patch Changes

  • 553a175: Replace RuleType enum with an object
Assets 2
Loading