Netsyms/easy-markdown-editor
2
0
Fork 0
mirror of https://github.com/Ionaru/easy-markdown-editor synced 2025-06-30 14:41:01 -06:00
Code Issues Releases Wiki Activity

Merge pull request #147 from adamb70/sanitize-deprecation

Browse Source 
Allow custom sanitize function
This commit is contained in:
Jeroen Akkerman 2020-03-06 00:37:29 +01:00 committed by GitHub
commit 84ea2c2cca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
### Added
- `inputStyle` and `nativeSpellcheck` options to manage the native language of the browser (Thanks to [@firm1], [#143]).
- `sanitizerFunction` option to allow custom HTML sanitizing in the markdown preview (Thanks to [@adamb70], [#147]).
### Changed
- Delay before assuming that submit of the form as failed is `autosave.submit_delay` instead of `autosave.delay` (Thanks to [@Situphen], [#139]).
- Add `watch` task for gulp.

5
README.md
View File

@ -178,6 +178,7 @@ easyMDE.value('New input for **EasyMDE**');
- **hljs**: An injectible instance of [highlight.js](https://github.com/isagalaev/highlight.js). If you don't want to rely on the global namespace (`window.hljs`), you can provide an instance here. Defaults to `undefined`.
- **markedOptions**: Set the internal Markdown renderer's [options](https://marked.js.org/#/USING_ADVANCED.md#options). Other `renderingConfig` options will take precedence.
- **singleLineBreaks**: If set to `false`, disable parsing GFM single line breaks. Defaults to `true`.
- **sanitizerFunction**: Custom function for sanitizing the HTML output of markdown renderer.
- **shortcuts**: Keyboard shortcuts associated with this instance. Defaults to the [array of shortcuts](#keyboard-shortcuts).
- **showIcons**: An array of icon names to show. Can be used to show specific icons hidden by default without completely customizing the toolbar.
- **spellChecker**: If set to `false`, disable the spell checker. Defaults to `true`.
@ -251,6 +252,10 @@ var editor = new EasyMDE({
renderingConfig: {
singleLineBreaks: false,
codeSyntaxHighlighting: true,
sanitizerFunction: function(renderedHTML) {
// Using DOMPurify and only allowing <b> tags
return DOMPurify.sanitize(renderedHTML, {ALLOWED_TAGS: ['b']})
},
},
shortcuts: {
drawTable: "Cmd-Alt-T"

5
src/js/easymde.js
View File

@ -1763,6 +1763,11 @@ EasyMDE.prototype.markdown = function (text) {
// Convert the markdown to HTML
var htmlText = marked(text);
// Sanitize HTML
if (this.options.renderingConfig && typeof this.options.renderingConfig.sanitizerFunction === 'function') {
htmlText = this.options.renderingConfig.sanitizerFunction.call(this, htmlText);
}
// Edit the HTML anchors to add 'target="_blank"' by default.
htmlText = addAnchorTargetBlank(htmlText);