/markdown-it-sanitizer

sanitizer for markdown-it.

Primary LanguageJavaScriptMIT LicenseMIT

markdown-it-sanitizer

Build Status Coverage Status npm version

sanitizer plugin for markdown-it markdown parser.

Accepted tags

All tags are parsed case insensitive.

Balanced

<b>, <blockquote>, <code>, <em>, <h1>, ..., <h6>, <li>, <ol>, <ol start="42">, <p>, <pre>, <sub>, <sup>, <strong>, <strike>, <ul>

Standalone

<br>, <hr>

Links

<a href="http://example.com" title="link">text</a>

The title attribute is optional.

Images

<img src="http://example.com" alt="cat" title="image">

The alt and title attributes are optional.

Install

node.js, bower:

npm install markdown-it-sanitizer --save
bower install markdown-it-sanitizer --save

Use

Basic

var md = require('markdown-it')({ html: true })
            .use(require('markdown-it-sanitizer'));

md.render('<b>test<p></b>'); // => '<p><b>test</b></p>'

Advanced

For not whitelisted tags and tags that don't have a matching opening/closing tag you can define whether you would like to remove or escape them. You can also define a class attribute that will be added to image tags. Here is an example with default values:

var md = require('markdown-it')({ html: true })
            .use(require('markdown-it-sanitizer'), {
              imageClass: '',
              removeUnbalanced: false,
              removeUnknown: false
            });

// unknown tag
md.render('<u>test</u>'); // => '<p>&lt;u&gt;test&lt;/u&gt;</p>'
// unknown tag with removeUnknown: true
md.render('<u>test</u>'); // => '<p>test</p>'

// unbalanced tags
md.render('<b>test</em>'); // => '<p>&lt;b&gt;test&lt;/em&gt;</p>'
// unbalanced tags with removeUnbalanced: true
md.render('<b>test</em>'); // => '<p>test</p>'

// imageClass: 'img-responsive'
md.render('<img src="http://example.com/image.png" alt="image" title="example">'); // => '<p><img src="http://example.com/image.png" alt="image" title="example" class="img-responsive"></p>'

Differences in the browser. If you load the script directly into the page, without package system, the module will add itself globally as window.markdownitSanitizer.

License

MIT