angular-marked

Overriding link renderer skips all the security work made by the default renderer

Open nadouani opened this issue 7 years ago • 0 comments

Hello,

The following example (from the repo's Readme) overrides the link renderer, which does a lot of escaping and sanitization work to avoid XSS issues.

```js
app.config(['markedProvider', function (markedProvider) {
  markedProvider.setRenderer({
    link: function(href, title, text) {
      return "<a href='" + href + "'" + (title ? " title='" + title + "'" : '') + " target='_blank'>" + text + "</a>";
    }
  });
}]);
```

I can't find a way to customize the renderer by invoking the original link renderer of the marked library.

Thanks

nadouani avatar Sep 18 '18 12:09 nadouani
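
One way to keep `target='_blank'` in a custom link renderer without dropping the escaping the issue refers to, as an added example that is not part of the original issue and is not code from angular-marked or marked. `safeLink`, `escapeAttr`, `schemeOf` and the scheme allow-list are hypothetical names, and `text` is assumed to be inline HTML that marked has already rendered.

```javascript
// Added example: not code from angular-marked or marked.
// Hypothetical allow-list; extend it only with schemes you really need.
var ALLOWED_SCHEMES = ['http:', 'https:', 'mailto:'];

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Return the lower-cased scheme ("https:") or null for a relative URL.
function schemeOf(href) {
  // Browsers drop tabs and newlines inside a URL and trim leading
  // whitespace; removing every control character and space before
  // matching is the conservative version of that.
  var cleaned = String(href).replace(/[\u0000-\u0020\u007f]+/g, '');
  var match = /^([a-z][a-z0-9+.\-]*:)/i.exec(cleaned);
  return match ? match[1].toLowerCase() : null;
}

// Same signature as the link renderer in the issue: (href, title, text).
// Assumption: `text` is inline HTML already rendered by marked, so it is
// passed through unchanged rather than escaped a second time.
function safeLink(href, title, text) {
  var scheme = schemeOf(href);
  if (scheme !== null && ALLOWED_SCHEMES.indexOf(scheme) === -1) {
    return text; // scheme not on the allow-list: keep the label, drop the link
  }
  var html = '<a href="' + escapeAttr(href) + '"';
  if (title) {
    html += ' title="' + escapeAttr(title) + '"';
  }
  // rel="noopener noreferrer" stops the new tab from reaching window.opener.
  return html + ' target="_blank" rel="noopener noreferrer">' + text + '</a>';
}

// Wiring, using the call shown in the issue:
// markedProvider.setRenderer({ link: safeLink });
```

Attribute values are always double-quoted and escaped, so a quote character in `href` or `title` cannot close the attribute the way it can in the string-concatenated renderer above.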