gjtorikian / html-pipeline

HTML processing filters and utilities
MIT License

Adds `UNSAFE` option to CommonMarker usage where needed #304

Closed diachini closed 5 years ago

diachini commented 5 years ago

With the release of commonmarker 0.18.0, HTML safety was introduced as a default (to avoid XSS). But if someone wants to allow unsafe elements in their markdown, they should be able to pass that option down to CommonMarker through html-pipeline.

Usage from my app:

```ruby
# without the `unsafe` option being specified:
> HTML::Pipeline.new([HTML::Pipeline::MarkdownFilter])
    .call('<a href="http://example.com">Link</a>')
=> {:output=>"<p><!-- raw HTML omitted -->Link<!-- raw HTML omitted --></p>"}

# with the `unsafe` option being specified:
> HTML::Pipeline.new([HTML::Pipeline::MarkdownFilter])
    .call('<a href="http://example.com">Link</a>', unsafe: true)
=> {:output=>"<p><a href=\"http://example.com\">Link</a></p>"}
```

gjtorikian commented 5 years ago

Thanks so much!