sanitizer plugin for markdown-it markdown parser.
All tags are parsed case insensitive.
<b>
, <blockquote>
, <code>
, <em>
, <h1>
, ..., <h6>
, <li>
, <ol>
, <ol start="42">
, <p>
, <pre>
, <sub>
, <sup>
, <strong>
, <strike>
, <ul>
, <details>
, <summary>
<br>
, <hr>
<a href="http://example.com" title="link">text</a>
The title
attribute is optional.
<img src="http://example.com" alt="cat" title="image">
The alt
and title
attributes are optional.
node.js, bower:
npm install markdown-it-sanitizer --save
bower install markdown-it-sanitizer --save
var md = require('markdown-it')({ html: true })
.use(require('markdown-it-sanitizer'));
md.render('<b>test<p></b>'); // => '<p><b>test</b></p>'
For not whitelisted tags and tags that don't have a matching opening/closing tag you can define whether you would like to remove or escape them. You can also define a class attribute that will be added to image tags. Here is an example with default values:
var md = require('markdown-it')({ html: true })
.use(require('markdown-it-sanitizer'), {
imageClass: '',
removeUnbalanced: false,
removeUnknown: false
});
// unknown tag
md.render('<u>test</u>'); // => '<p><u>test</u></p>'
// unknown tag with removeUnknown: true
md.render('<u>test</u>'); // => '<p>test</p>'
// unbalanced tags
md.render('<b>test</em>'); // => '<p><b>test</em></p>'
// unbalanced tags with removeUnbalanced: true
md.render('<b>test</em>'); // => '<p>test</p>'
// imageClass: 'img-responsive'
md.render('<img src="http://example.com/image.png" alt="image" title="example">'); // => '<p><img src="http://example.com/image.png" alt="image" title="example" class="img-responsive"></p>'
Differences in the browser. If you load the script directly into the page, without
package system, the module will add itself globally as window.markdownitSanitizer
.