HTML sanitizer is moved from renderMarkdown to HTML content transformer middleware, please refer to PR #5338
If you customized renderMarkdown with a custom HTML sanitizer, please move the HTML sanitizer to the new HTML content transformer middleware
Added
Added HTML content transformer middleware, in PR #5338, by @compulim
HTML content transformer is used by useRenderMarkdown to transform the result from renderMarkdown
HTML sanitizer is moved from renderMarkdown into HTML content transformer for better coverage
Copy button is added to fenced code blocks (<pre><code>)
Description
Refactored part of renderMarkdown into HTML content transformer: sanitizer and copy button.
This is to support code blocks syntax highlighting (#5335) in Markdown. Another PR will bring syntax highlighting to Markdown fenced code blocks shortly.
Design
Today, our renderMarkdown do a couple of things:
Renders Markdown as HTML
"Better link" adds accessibility and security features to all links
Add "Copy button" to all fenced code blocks (<pre><code>)
HTML sanitizer
In this PR, we are refactoring the "copy button" and HTML sanitizer into a middleware of their own. We will port "better link" later.
This will help web devs who customized renderMarkdown to sanitize the output HTML without additional efforts. Web devs can bring their own HTML sanitizer.
Specific Changes
Added htmlContentTransformerMiddleware
Ported "code blocks copy button" to the default HTML content transformer middleware
Ported sanitize-html to the default HTML content transformer middleware
[x] I have added tests and executed them locally
[x] I have updated CHANGELOG.md
[x] ~I have updated documentation~
Review Checklist
This section is for contributors to review your work.
[x] ~Accessibility reviewed (tab order, content readability, alt text, color contrast)~
[x] ~Browser and platform compatibilities reviewed~
[x] ~CSS styles reviewed (minimal rules, no z-index)~
[x] ~Documents reviewed (docs, samples, live demo)~
[x] ~Internationalization reviewed (strings, unit formatting)~
[x] ~package.json and package-lock.json reviewed~
[x] Security reviewed (no data URIs, check for nonce leak)
Changelog Entry
Breaking changes
renderMarkdownto HTML content transformer middleware, please refer to PR #5338renderMarkdownwith a custom HTML sanitizer, please move the HTML sanitizer to the new HTML content transformer middlewareAdded
useRenderMarkdownto transform the result fromrenderMarkdownrenderMarkdowninto HTML content transformer for better coverage<pre><code>)Description
Refactored part of
renderMarkdowninto HTML content transformer: sanitizer and copy button.This is to support code blocks syntax highlighting (#5335) in Markdown. Another PR will bring syntax highlighting to Markdown fenced code blocks shortly.
Design
Today, our
renderMarkdowndo a couple of things:<pre><code>)In this PR, we are refactoring the "copy button" and HTML sanitizer into a middleware of their own. We will port "better link" later.
This will help web devs who customized
renderMarkdownto sanitize the output HTML without additional efforts. Web devs can bring their own HTML sanitizer.Specific Changes
htmlContentTransformerMiddlewaresanitize-htmlto the default HTML content transformer middlewareCHANGELOG.mdReview Checklist
z-index)~package.jsonandpackage-lock.jsonreviewed~