You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm wanting a reliable way of entering "HTML" content but not at the block level (ie just the inline level rendering). Markdown provides an awesome interface, but I'm not sure a good 'lite' approach. I am considering writing a renderer that just returns itself for each of the block level functions, but that's adding even more logic when I don't even need it
I wonder if there would be an easy way to split out only the inline parsing either as an option, or an alternate bundle (or possibly a quick way to write custom renderer in a more simple way than overriding every block element). I recognize this is a bit of an edge case, but I think this provides an awesome way for safely entering certain content in a CMS context (links, strong, em) where headers or lists or even a p tag would really through things off. (ie input labels, link content, header content where the header pre-exists, etc)
The text was updated successfully, but these errors were encountered:
I think what you want is a HTML Sanitizer so you can choose what tags are acceptable for your use case.
You could run the user's input through marked which emits HTML. Then run that HTML through a sanitizer to strip tags that are not acceptable by defining which tags are allowed.
This comment has a list of choices to choose from.
I personally have used sanitize-html like so:
constmarked=require('marked');constsanitize=require('sanitize-html');consthtml=marked(markdownStringFromUser);constcleanHtml=sanitize(html,{allowedTags: ['a','b','p','i','em','strong','blockquote','big','small','div','br','hr','li','ol','ul','table','tbody','thead','td','th','tr','caption','span'],allowedAttributes: {'a': ['href','target','rel'],},transformTags: {'a': (tagName,attribs)=>{// Always open links in a new windowif(attribs){attribs.target='_blank';attribs.rel='noopener noreferrer';}return{ tagName, attribs };}},});
I'm wanting a reliable way of entering "HTML" content but not at the block level (ie just the inline level rendering). Markdown provides an awesome interface, but I'm not sure a good 'lite' approach. I am considering writing a renderer that just returns itself for each of the block level functions, but that's adding even more logic when I don't even need it
I wonder if there would be an easy way to split out only the inline parsing either as an option, or an alternate bundle (or possibly a quick way to write custom renderer in a more simple way than overriding every block element). I recognize this is a bit of an edge case, but I think this provides an awesome way for safely entering certain content in a CMS context (links, strong, em) where headers or lists or even a
p
tag would really through things off. (ie input labels, link content, header content where the header pre-exists, etc)The text was updated successfully, but these errors were encountered: