Closed cfotos closed 2 weeks ago
An option to disable sanitization makes sense
I've created a PR #579 that implements this feature. @quantizor Would you like to review it?
I'd be keen to see this happen as well, I have a couple of legitimate use cases where data URIs are being used in href.
I want to be able to render an anchor tag with an onclick attribute that executes some javascript. This was possible before version 6.11.4, but was changed in this PR.
I think that users should be able to disable this sanitization. In my case, the markdown I'm rendering will always come from a trusted source, so I don't have to worry about XSS.