Open Gargron opened 10 years ago
There is no option to disable raw HTML.
I will add options (or an extension) for it. Thank you for your feedback :)
Any news on this?
Go to http://ciconia.kzykhys.com/ and enter
<script>alert('oh no');</script>
Obviously only tags outside the code blocks should be stripped or converted (as here on github).
Hello!
I tried removing the
htmlBlock
extension, but raw HTML is still allowed. I can't find any option to disable it. That's fine for command-line usage where you control the inputs, but if you want to parse Markdown on a site with user-generated content, allowing raw HTML is a hazard.Where and how could this be done?
Cheers, Eugen