quantizor / markdown-to-jsx

🏭 The most lightweight, customizable React markdown component.
https://markdown-to-jsx.quantizor.dev/
MIT License

Can't disable HTML sanitization #564

Closed: cfotos closed 2 weeks ago

cfotos commented 5 months ago

I want to be able to render an anchor tag with an onclick attribute that executes some javascript. This was possible before version 6.11.4, but was changed in this PR.

I think that users should be able to disable this sanitization. In my case, the markdown I'm rendering will always come from a trusted source, so I don't have to worry about XSS.

quantizor commented 5 months ago

An option to disable sanitization makes sense.

SukkaW commented 3 months ago

I've created a PR #579 that implements this feature. @quantizor Would you like to review it?

nitbix commented 1 month ago

I'd be keen to see this happen as well; I have a couple of legitimate use cases where data URIs are being used in href.