evilstreak / markdown-js

A Markdown parser for javascript

Does markdown-js support inline HTML? #151

Closed H23120 closed 10 years ago

H23120 commented 10 years ago

Hi, how do I wrap text around an image, or embed a YouTube video with a custom border and size, with markdown-js? Does markdown-js support inline HTML?

adam-stokes commented 10 years ago

see bug #11

smmurf commented 10 years ago

Sorry for not opening a separate issue, but this one is about what I wanted to ask.

E. g. I want to allow visitors of some site to leave comments with markdown. So can I rely on markdown-js that it doesn't allow users to insert any html (that can be dangerous)? If it suddenly begins to support inline html in future versions, can I expect it wouldn't be enabled by default or at least easily configured to be disabled?

ashb commented 10 years ago

As @battlemidget mentioned, no, not yet. It's on the todo list as basically the last major feature before 1.0, but I don't have a personal need/desire for this, so it hasn't happened yet.

@smmurf I can't guarantee that it won't support HTML by default (my feeling is that it should, but a lot of people expect it to.) What I can say is that when it does, it will 1) be easy to disable, 2) be a major version bump (i.e. it will go to 1.0), so if you use "markdown": "~0.4" you won't get HTML support without noticing it. (I think that's the right npm version syntax.)

smmurf commented 10 years ago

Thank you, that's what I need!

I hope I'm not mistaken and no dangerous code can be produced without inline HTML support (I have to double-check it). In that case it's perfect for me now.

ashb commented 10 years ago

About the most dangerous thing you can get is including an image that might leak information via the referrer or drop a third-party cookie.

smmurf commented 10 years ago

But it can happen only with images placed on other domains, so I can check the src of an image in the parsed data before building the output.

Also, now I see how to disable some features (e.g. h1 inside a comment). It's awesome that you give access to the parsed data!
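The check smmurf describes, as an added example that is not code from markdown-js or from anyone in this thread: walk the JsonML tree before turning it into HTML, drop images whose resolved host is not on an allow list (keeping their alt text), and demote headings so a comment cannot use h1. It assumes markdown-js's markdown-tree node shapes `["img", {alt, href}]` and `["header", {level}, ...]`, and the site origin `https://comments.example.com` and allowed host `img.example.com` are made-up values; the sample tree is constructed by hand to stand in for `markdown.parse()` output.

```javascript
// Assumed site origin used to resolve relative image paths (placeholder value).
const SITE_ORIGIN = "https://comments.example.com/";
// Hosts that may serve images in comments (constructed allow list).
const ALLOWED_IMAGE_HOSTS = new Set(["comments.example.com", "img.example.com"]);

// Resolve an image href against the site origin and return its host, or null
// when it is not an http(s) URL (so javascript:, data: and similar are rejected).
function imageHost(href) {
  if (typeof href !== "string") return null;
  let url;
  try { url = new URL(href, SITE_ORIGIN); } catch (e) { return null; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  return url.host;
}

// Return a sanitised copy of a markdown-js JsonML tree (assumed node shapes):
// external or unparsable images are replaced by their alt text, and headings
// shallower than minHeaderLevel are demoted to that level.
function sanitizeTree(node, opts = { allowedHosts: ALLOWED_IMAGE_HOSTS, minHeaderLevel: 3 }) {
  if (!Array.isArray(node)) return node;                       // text leaf
  const [tag, ...rest] = node;
  const hasAttrs = rest.length > 0 && rest[0] !== null &&
                   typeof rest[0] === "object" && !Array.isArray(rest[0]);
  const attrs = hasAttrs ? { ...rest[0] } : null;              // copy, never mutate input
  const children = hasAttrs ? rest.slice(1) : rest;

  if (tag === "img") {
    const host = imageHost(attrs && attrs.href);
    if (host === null || !opts.allowedHosts.has(host)) {
      return attrs && attrs.alt ? attrs.alt : "";              // drop the image, keep alt text
    }
  }
  if (tag === "header" && attrs && attrs.level < opts.minHeaderLevel) {
    attrs.level = opts.minHeaderLevel;
  }
  const out = [tag];
  if (attrs) out.push(attrs);
  for (const child of children) out.push(sanitizeTree(child, opts));
  return out;
}

// Constructed sample tree standing in for markdown.parse() output.
const sampleTree = ["markdown",
  ["header", { level: 1 }, "Shouting title"],
  ["para", "ok ", ["img", { alt: "cat", href: "https://img.example.com/cat.png" }]],
  ["para", "bad ", ["img", { alt: "tracker", href: "https://third-party.example.net/p.gif" }]],
  ["para", "rel ", ["img", { alt: "local", href: "/uploads/x.png" }]]];

console.log(JSON.stringify(sanitizeTree(sampleTree)));
```

In real use the cleaned tree would then go through `markdown.toHTMLTree()` and `markdown.renderJsonML()` instead of calling `markdown.toHTML()` on the raw source.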