Render markdown on the client side and use DOMPurify to prevent XSS.,

Browse source

The parsedown parser has problems with links in <>, so we use marked.js now which is more conform with (GFM) CommonMark and offers more feautures. Also with the usage of DOMPurify you can now use every HTML tag in Markdown without need to worry about XSS.

...

This commit is contained in:

Jan Böhmer 2019-10-12 17:41:13 +02:00

parent 7ec406d4a1

commit be8f074ca5

9 changed files with 93 additions and 32 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download patch file Download diff file Expand all files Collapse all files

2

public/ckeditor/plugins/markdown/js/purify.min.js vendored Normal file

View file

File diff suppressed because one or more lines are too long