react-md-editor icon indicating copy to clipboard operation
react-md-editor copied to clipboard
verified publisher icon uiwjs

Img and P tags are not working in preview of MdEditor:

Open arvi9 opened this issue 2 years ago • 4 comments 

<p align="center">
  <img width="600" height="200" src="https://www.python.org/python-.png">
</p>

Img and P tags are not working in preview of MdEditor:

 <div data-color-mode="dark">
        <MDEditor
        value={value}
        onChange={(value)=>{setValue(value)}}
        preview="edit"
        commands={[...commands.getCommands(), uploadImage, help]}
        previewOptions={{
            linkTarget: '_blank',
            rehypePlugins: [
              [
                rehypeSanitize,
                {
                  ...defaultSchema,
                  attributes: {
                    ...defaultSchema.attributes,
                    span: [
                      // @ts-ignore
                      ...(defaultSchema.attributes.span || []),
                      // List of all allowed tokens:
                      ['className', 'math', 'math-inline'],
                    ],
                    code: [['className']],
                    img: [...(defaultSchema.attributes.img || []), ["width",
                    "height",
                    "src",
                    "alt",
                    "style"]],

                  },
                },
              ],
            ],

          }}

        height={400}
        
        highlightEnable={true}
        enableScroll={true}
        textareaProps={{
          placeholder: 'Please enter Markdown text',
        }}
        />
    </div>

arvi9 avatar Aug 05 '23 17:08 arvi9

@arvi9 You can remove the ~~rehypeSanitize~~ plugin.

jaywcjlove avatar Aug 06 '23 04:08 jaywcjlove

It works if I remove the rehypeSanitize plugin. But my app is vulnerable to XSS attack Xss attack. I only have to allow some important tag which is must requered i.e. Imag and P tag for image and paragraph alignment. Kindly provide the solution .

arvi9 avatar Aug 07 '23 05:08 arvi9

It works if I remove the rehypeSanitize plugin. But my app is vulnerable to XSS attack Xss attack. I only have to allow some important tag which is must requered i.e. Imag and P tag for image and paragraph alignment. Kindly provide the solution .

Please provide the solution. I am awaiting for your reply.

arvi9 avatar Sep 14 '23 05:09 arvi9

@arvi9 You can customize rehype-sanitize Schema to define which nodes and props are considered safe, it will then allow them to be displayed in the preview.

RabbitHole26 avatar Jul 31 '24 10:07 RabbitHole26