Sanitise raw HTML

[AJamesPhillips]

Related to the suggestion for a sanitise function in https://github.com/probablyup/markdown-to-jsx/issues/225#issuecomment-469783194, and issue #313 and PR #406. A function to sanitise the raw HTML would be useful to enable specifying a white list of tags, their attributes and the attribute's values. In my current use case I would like to allow:

• anchor tags and their href but nothing else
• iframes, but only if they have a src url with origin "https://platform.twitter.com" for embedded tweets
• img tags but only their href, and style attribute's width and height properties. And deny all other HTML tags, attributes and attribute values.

Would there be interest in supporting such a function?

[AJamesPhillips]

For any one else interested I've simplified the tweet embedding to:

<tweet id="801270269184647168" />

const MARKDOWN_OPTIONS: MarkdownToJSX.Options =
{
    overrides:
    {
        // ...

        // If there is any text inside the script tag then render this, otherwise render nothing.
        script: (props: { children: string }) => props.children,
        iframe: (props: { children: string }) => props.children,

        tweet: (props: { id: string }) =>
        {
            const src = `https://platform.twitter.com/embed/Tweet.html?dnt=false&frame=false&hideCard=false&hideThread=false&id=${props.id}&lang=en-gb&theme=light&widgetsVersion=0a8eea3%3A1643743420422&width=400px"`

            return <iframe
                src={src}
                scrolling="no"
                frameBorder={0}
                allowTransparency={true}
                allowFullScreen={true}
                style={{ width: 401, height: 624 }}
            />
        },
        // ...
    },
}

[Innei]

Hello, Is there any progress here?