Comments (4)
rexxars
commented on May 23, 2024
4
Yes, you can either pass the skipHtml property, which will simply... skip HTML.
Or, you can use the escapeHtml property, which will render HTML as plain text.
from react-markdown.
IonicaBizau
commented on May 23, 2024
1
@rexxars Thanks for the quick reply. I'm learning React these days and I simply want to render a piece of markdown in my app (which may contain HTML, because it's coming from the user).
Is there an option to disable the HTML rendering in this component currently?
from react-markdown.
rexxars
commented on May 23, 2024
By disallowing HTML, basically. I don't think protecting against XSS should be part of this library - there are better alternatives for that. In the next major version of react-markdown, I actually aim to disable rendering of HTML by default - only enabling it behind an explicit property.
We do try to prevent XSS in markdown however, such as images and links rendered with actual markdown tags. Sorry if that wasn't the answer you were hoping for, but trying to handle sanitation of HTML is just a slippery slope to madness that I'd rather not handle unless I have to.
from react-markdown.
IonicaBizau
commented on May 23, 2024
Thanks! escapeHtml is what I wanted. Next time I'll check the docs more carefully. π π
from react-markdown.
Related Issues (20)
- βERR_PNPM_NO_MATCHING_VERSIONβ No matching version found for html-url-attributes@^3.0.0 HOT 2
- Link URL getting encoded in react-markdown v9 HOT 12
- Package dependencies error: ./node_modules/mdast-util-to-hast/lib/index.js Module not found: Can't resolve 'devlop' HOT 7
- Bug on old safari(14.1.1) macos 11.4 HOT 2
- Unable to resolve "devlop" from "node_modules/react-markdown/lib/index.js HOT 10
- Classname is always `undefined` HOT 8
- request refactoring HOT 3
- Usage of `Object.hasOwn` breaks web pages on iPad OS (iPad Air, Safari & Chrome) HOT 4
- rehypeKatex with remarkMath is not working for latex math HOT 1
- Does not parse ordered list from markdown correctly, HOT 6
- Code highliting with react-syntax-highlighter bug HOT 7
- Unnecessarily narrow range for React peer deps HOT 7
- Support for inapp links HOT 5
- text not created as hyperlink HOT 6
- Possible inconsistency with handling emphasis and strong when immediately followed by emphasis HOT 3
- p component overriding img component HOT 4
- A 11k star makrdown widget can not have a copy button at code block?
- How render image in cneter? HOT 3
- rermarkgfm showing tasklist wrong HOT 21
- \n Doesn't work properly HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from react-markdown.