markdown-to-jsx
Sanitise raw HTML
Related to the suggestion for a sanitise function in https://github.com/probablyup/markdown-to-jsx/issues/225#issuecomment-469783194, and issue #313 and PR #406. A function to sanitise the raw HTML would be useful to enable specifying a white list of tags, their attributes and the attribute's values. In my current use case I would like to allow:
- anchor tags and their href but nothing else
- iframes, but only if they have a src url with origin "https://platform.twitter.com" for embedded tweets
- img tags but only their href, and style attribute's width and height properties.

And deny all other HTML tags, attributes and attribute values.
Would there be interest in supporting such a function?
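One way to express the allowlist requested above as a pure function that an override could call before rendering. This is an added example, not markdown-to-jsx code or part of the original thread; `sanitiseElement`, `filterStyle` and `parseUrl` are hypothetical names. It assumes `src` carries the image URL for `img` and, beyond the list in the issue, keeps only http(s) links and https images.

```typescript
type Attrs = Record<string, string>;

// Origin allowed for embedded tweets, taken from the issue text.
const TWEET_ORIGIN = "https://platform.twitter.com";

// Parse an absolute URL; null when the value is missing or not one.
function parseUrl(value: string | undefined): URL | null {
  try {
    return new URL(value ?? "");
  } catch {
    return null;
  }
}

// Keep only numeric width/height declarations from an inline style string.
function filterStyle(style: string | undefined): string {
  return (style ?? "")
    .split(";")
    .map((d) => d.trim())
    .filter((d) => /^(width|height)\s*:\s*\d+(px|%)?$/i.test(d))
    .join("; ");
}

// Returns the attributes to keep, or null to drop the element entirely.
function sanitiseElement(tag: string, attrs: Attrs): Attrs | null {
  switch (tag.toLowerCase()) {
    case "a": {
      // Assumption: a link with a non-http(s) href keeps the tag but loses the href.
      const url = parseUrl(attrs.href);
      return url && /^https?:$/.test(url.protocol) ? { href: url.href } : {};
    }
    case "iframe": {
      // Compare the parsed origin, not a string prefix, so look-alike hosts
      // and userinfo tricks do not pass.
      const url = parseUrl(attrs.src);
      return url && url.origin === TWEET_ORIGIN ? { src: url.href } : null;
    }
    case "img": {
      const url = parseUrl(attrs.src);
      if (!url || url.protocol !== "https:") return null;
      const style = filterStyle(attrs.style);
      return style ? { src: url.href, style } : { src: url.href };
    }
    default:
      return null; // deny every other tag
  }
}
```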
For anyone else interested I've simplified the tweet embedding to:

```
<tweet id="801270269184647168" />
```

```tsx
import { MarkdownToJSX } from "markdown-to-jsx"

const MARKDOWN_OPTIONS: MarkdownToJSX.Options =
{
    overrides:
    {
        // ...
        // If there is any text inside the script tag then render this, otherwise render nothing.
        script: (props: { children: string }) => props.children,
        // Same for raw iframes: only their inner text (if any) is rendered, never the element.
        iframe: (props: { children: string }) => props.children,
        // The only iframe that reaches the DOM is built here, with a fixed Twitter embed URL
        // and the id taken from the <tweet> tag.
        tweet: (props: { id: string }) =>
        {
            const src = `https://platform.twitter.com/embed/Tweet.html?dnt=false&frame=false&hideCard=false&hideThread=false&id=${props.id}&lang=en-gb&theme=light&widgetsVersion=0a8eea3%3A1643743420422&width=400px`
            return <iframe
                src={src}
                scrolling="no"
                frameBorder={0}
                allowTransparency={true}
                allowFullScreen={true}
                style={{ width: 401, height: 624 }}
            />
        },
        // ...
    },
}
```
Hello, is there any progress here?