markdown-to-jsx icon indicating copy to clipboard operation
markdown-to-jsx copied to clipboard

Published 20 hours ago verified publisher icon quantizor

Can't disable HTML sanitization

Open cfotos opened this issue 1 year ago • 2 comments

I want to be able to render an anchor tag with an onclick attribute that executes some javascript. This was possible before version 6.11.4, but was changed in this PR.

I think that users should be able to disable this sanitization. In my case, the markdown I'm rendering will always come from a trusted source, so I don't have to worry about XSS.

cfotos avatar Mar 26 '24 22:03 cfotos

An option to disable sanitization makes sense

quantizor avatar Mar 27 '24 11:03 quantizor

I've created a PR #579 that implements this feature. @quantizor Would you like to review it?

SukkaW avatar May 13 '24 07:05 SukkaW

I'd be keen to see this happen as well, I have a couple of legitimate use cases where data URIs are being used in href.

nitbix avatar Jul 11 '24 19:07 nitbix