cesardeazevedo / nostr-editor

A full text editor + note parser for Nostr based on Tiptap / ProseMirror
https://cesardeazevedo.github.io/nostr-editor/
MIT License

Make sure XSS is impossible #4

Open staab opened 3 weeks ago

staab commented 3 weeks ago

Since we're going to be using nostr-editor to render notes from other people, we should be sure XSS isn't possible. I'm unclear from the docs whether this is the case. See also https://github.com/ueberdosis/tiptap/pull/5160

cesardeazevedo commented 3 weeks ago

Indeed, I also got rid of our own link extension in favor of extending tiptap link-extension because of that, and apparently tiptap already handles it https://github.com/chroth/tiptap/blob/main/tests/cypress/integration/extensions/link.spec.ts#L74

Also tiptap-markdown uses markdown-it under the hood https://github.com/markdown-it/markdown-it/security

Planning to add some more unit/e2e tests soon
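Added example, not code from nostr-editor, Tiptap or markdown-it: the kind of protocol-allowlist and escaping check a link extension needs before user-authored links are written into HTML. The allowed scheme set (including `nostr:`) and the `renderLink` helper are assumptions made for illustration.

```javascript
// Added example (not nostr-editor or Tiptap code): validate an href against a
// protocol allowlist before it is written into an <a href>, and escape every
// interpolated value so the link text itself cannot inject markup.

// Assumed allowlist for a Nostr client; adjust to the schemes the app needs.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:", "nostr:"]);

// Returns a normalized href, or null when the link must be dropped.
function safeHref(raw) {
  if (typeof raw !== "string") return null;
  // Strip ASCII control characters and spaces: browsers ignore tabs and
  // newlines inside a scheme, so "java\tscript:" would otherwise parse as
  // javascript:. Doing it before parsing keeps the check uniform.
  const cleaned = raw.replace(/[\u0000-\u0020\u007f]/g, "");
  let url;
  try {
    // No base URL: a relative or scheme-less string ("//evil", "foo") throws
    // and is rejected, which is what we want for content from other users.
    url = new URL(cleaned);
  } catch {
    return null;
  }
  // URL lowercases the scheme, so "JavaScript:" is caught as well.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  return url.href;
}

// Escape for both text nodes and double-quoted attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Render a link; if the href is rejected, keep the text but drop the anchor.
function renderLink(text, href) {
  const safe = safeHref(href);
  if (safe === null) return escapeHtml(text);
  return `<a href="${escapeHtml(safe)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}
```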