1.0.2 • Published 4 years ago

markdown-it-xss v1.0.2

Weekly downloads
14
License
MIT
Last release
4 years ago

markdown-it-xss

基于@leizongmin/js-xss的markdown-it插件封装

install

npm install -S markdown-it-xss

use

BASE

// Options handed to js-xss through the plugin's `xss` key.
const xssOptions = {
  // NOTE(review): js-xss runs escapeHtml() over text between tags and, by
  // default, over tags that are not in its whitelist. Returning the input
  // unchanged switches that escaping off, so verify how non-whitelisted
  // tags (for example <script>) come out before relying on this setting
  // for untrusted Markdown.
  escapeHtml: (html) => html,
};

// `html: true` lets raw HTML in the Markdown source reach the output, which
// is why the rendered result is filtered by markdown-it-xss.
const md = require('markdown-it')({ html: true }).use(
  require('markdown-it-xss'),
  { xss: xssOptions },
);

// `onerror` is not in the default whitelist, so the handler is dropped.
md.render(`<img onerror="alert('xss')" src="1">`); // => '<img>'

Advanced

你也可以自己配置过滤规则，详见 xss（js-xss）的文档。

// Builds the js-xss options. The plugin passes in the js-xss module
// (xss = require('xss')) so the default whitelists can be extended
// rather than rewritten from scratch.
const buildXssOptions = (xss) => ({
  whiteList: {
    ...xss.getDefaultWhiteList(),
    // NOTE(review): whitelisting an event-handler attribute such as
    // `onerror` lets inline script survive filtering (see the rendered
    // output at the end). It is here to show that custom rules are
    // honoured; for untrusted input keep handler attributes out of the
    // whitelist.
    img: ['onerror', 'src'],
  },
  css: {
    whiteList: { ...xss.getDefaultCSSWhiteList() },
  },
  // NOTE(review): identity escapeHtml turns off js-xss's escaping of text
  // and of non-whitelisted tags; confirm this is intended.
  escapeHtml: (html) => html,
});

// `xss` accepts either a factory function, as used here, or a plain
// options object: xss: {...options}
const md = require('markdown-it')({ html: true }).use(
  require('markdown-it-xss'),
  { xss: buildXssOptions },
);

// The handler attribute is kept only because it was whitelisted above.
md.render(`<img onerror="alert('xss')" src="1">`); // => '<img onerror="alert('xss')" src="1">'