Handling ID attributes?

Question

Handling ID attributes?

ben-eb opened this issue 9 years ago · 4 comments

Thanks for the module. 👍

I was wondering if it would be possible for remark-react to handle the id attribute, so that it can be used alongside plugins such as https://github.com/wooorm/remark-slug & https://github.com/ben-eb/remark-autolink-headings. Right now, I have to use dangerouslySetInnerHTML so that I can work around this issue, but would much prefer that it would be handled here.

Answer 1 · 2016-05-05T17:48:35.000Z

Main concern here is DOM Clobbering, which is a very possible attack if we accept user-submitted IDs. If we support IDs they'll likely have to be prefixed to be safe.

Answer 2 · 2016-05-05T18:19:13.000Z

What do you think about an off-by-default flag for this behaviour? In my case, the input is not coming from the end-user; I'm building a site using https://github.com/MoOx/phenomic and so I can trust myself to not clobber the DOM. 😄

Answer 3 · 2016-05-19T10:11:48.000Z

This would help when working with https://github.com/wooorm/remark-toc too

Answer 4 · 2016-11-08T15:42:31.000Z

id attributes are allowed according to the current schema, but as they can “clobber” the DOM, they’re prefixed by default. In the schema, remove id from the schema.clobber array!