Open 00sapo opened 5 years ago
I'm sorry for catching this issue late.
Due to security reasons, HTML tags are sanitized. Some HTML tags such as <img>, <cite>, <kbd>, ... (listed here). This is the same as GitHub.
https://github.com/rhysd/marked-sanitizer-github
Without this sanitization, loading malicious markdown documentation causes arbitrary code execution (reported at #42).
It would be useful if Shiba could support standard HTML tags, such as iframes. It would allow including a lot of content (e.g. YouTube, etc.).