Can't disable HTML sanitization #564

Closed
cfotos opened this issue Mar 26, 2024 · 3 comments · Fixed by #579

cfotos commented Mar 26, 2024

I want to be able to render an anchor tag with an onclick attribute that executes some JavaScript. This was possible before version 6.11.4, but was changed in this PR.

I think that users should be able to disable this sanitization. In my case, the markdown I'm rendering will always come from a trusted source, so I don't have to worry about XSS.

@quantizor (Owner)

An option to disable sanitization makes sense

@quantizor quantizor self-assigned this Mar 27, 2024
SukkaW added a commit to SukkaW/markdown-to-jsx that referenced this issue May 13, 2024
SukkaW (Contributor) commented May 13, 2024

I've created a PR #579 that implements this feature. @quantizor Would you like to review it?

nitbix commented Jul 11, 2024

I'd be keen to see this happen as well; I have a couple of legitimate use cases where data URIs are being used in href.
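
Added example, not part of the thread and not the project's code: instead of switching sanitization off entirely, a caller-supplied sanitizer can admit only the data URIs it needs while still rejecting script-bearing schemes. The `(value, tag, attribute)` callback shape, the null-to-drop convention, and the allow-lists are assumptions made for this sketch.

```javascript
// Added example. The (value, tag, attribute) callback shape and the
// "return null to drop the attribute" convention are assumptions.
const SAFE_SCHEMES = new Set(['http:', 'https:', 'mailto:']);
// image/svg+xml is left out on purpose: SVG documents can carry script.
const SAFE_DATA_MIME = new Set(['image/png', 'image/jpeg', 'image/gif', 'image/webp']);
const URL_ATTRS = new Set(['href', 'src']); // only URL-bearing attributes are checked

function normalizeUrl(value) {
  // Browsers remove tab/CR/LF anywhere in a URL and skip leading control
  // characters and spaces, so do the same before reading the scheme.
  return String(value).replace(/[\t\r\n]/g, '').replace(/^[\u0000-\u0020]+/, '');
}

function scopedSanitizer(value, tag, attribute) {
  if (!URL_ATTRS.has(String(attribute).toLowerCase())) return value;
  const url = normalizeUrl(value);
  const match = /^[a-z][a-z0-9+.-]*:/i.exec(url);
  if (!match) return value; // relative path, query or fragment: no scheme
  const scheme = match[0].toLowerCase();
  if (SAFE_SCHEMES.has(scheme)) return value;
  if (scheme === 'data:') {
    // data:[<mime>][;param...],<payload> -> take the bare media type
    const mime = url.slice(5).split(/[;,]/)[0].trim().toLowerCase();
    return SAFE_DATA_MIME.has(mime) ? value : null;
  }
  return null; // javascript:, vbscript: and any scheme not allow-listed
}

// Constructed sample inputs (not taken from the thread).
const samples = [
  'data:image/png;base64,iVBORw0KGgo=',
  'data:text/html,<b>hi</b>',
  'JaVa\tScript:void(0)',
  '/docs/readme#install',
];
for (const value of samples) {
  const kept = scopedSanitizer(value, 'a', 'href') !== null;
  console.log(kept ? 'keep' : 'drop', JSON.stringify(value));
}
```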

quantizor added a commit that referenced this issue Aug 18, 2024
* feat: allow disable sanitization (#564)

* test: #564

* chore: add changeset

* chore: restore prior whitespace

* refactor: adjust sanitizer to provide more data to the composer

* refactor: DX tweaks

* chore: adjust size limit

will golf this down later

* chore: tweak changeset

---------

Co-authored-by: Evan Jacobs <[email protected]>