instance-oom / ngx-markdown-editor

Angular markdown editor based on ace editor
http://lon-yang.github.io/markdown-editor/
Apache License 2.0
174 stars 48 forks

Sanitizing HTML #84

Closed reevesba closed 3 years ago

reevesba commented 3 years ago

Hello,

I have configured my md editor similar to the demo app. When I set markedjsOpt.sanitize to false, the HTML is still sanitized.

Thanks.

instance-oom commented 3 years ago

Can you create a demo project on stackblitz? I have tested at https://ngx-markdown-editor.stackblitz.io/, and it's not sanitized with code:

<img src="" onerror="alert(1)" />

reevesba commented 3 years ago

Hey lon-yang, thanks for the response. I was eventually able to work around this.