sindresorhus / linkify-urls

Linkify URLs in a string
MIT License

Get DOM nodes back instead of HTML #2

Closed fregante closed 7 years ago

fregante commented 7 years ago

Passing raw text and getting HTML can cause XSS: https://github.com/sindresorhus/refined-github/issues/510

linkify-urls could return a DocumentFragment like:

"textNode", Node(a[href=link](link)), "textNode"

sindresorhus commented 7 years ago

👍 Good idea. I think it should be a separate method though, as the current way can be useful in non-browser environments.
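
The approach proposed in this issue, as an added sketch that is not linkify-urls' own code or API: the input stays in text nodes and each URL becomes an `a` element built through DOM properties, so markup in the input is never parsed as HTML. The function name `linkifyToFragment`, the URL pattern, and the `stubDocument` stand-in (constructed so the sketch also runs outside a browser) are assumptions.

```javascript
// Added example. Only http(s) URLs are linked; everything else stays text.
const URL_PATTERN = /https?:\/\/[^\s<>"']+/g;

function linkifyToFragment(text, doc = globalThis.document) {
  const fragment = doc.createDocumentFragment();
  let last = 0;
  for (const match of text.matchAll(URL_PATTERN)) {
    // Trailing punctuation is usually sentence text, not part of the URL.
    const raw = match[0].replace(/[.,;:!?)]+$/, '');
    let parsed;
    try {
      parsed = new URL(raw);
    } catch {
      continue; // unparseable: left inside the surrounding text node
    }
    if (match.index > last) {
      fragment.appendChild(doc.createTextNode(text.slice(last, match.index)));
    }
    const a = doc.createElement('a');
    a.href = parsed.href; // property assignment, no attribute string building
    a.textContent = raw;  // textContent, never innerHTML
    fragment.appendChild(a);
    last = match.index + raw.length;
  }
  if (last < text.length) {
    fragment.appendChild(doc.createTextNode(text.slice(last)));
  }
  return fragment;
}

// Constructed stand-in for `document`, exposing only the three calls used above.
const stubDocument = {
  createDocumentFragment: () => ({
    childNodes: [],
    appendChild(node) { this.childNodes.push(node); return node; },
  }),
  createTextNode: (data) => ({ nodeType: 3, data }),
  createElement: (tag) => ({ nodeType: 1, tagName: tag.toUpperCase() }),
};

// Constructed input: markup followed by a URL and sentence punctuation.
function demo() {
  const input = '<img src=x onerror=alert(1)> see https://example.com/a?b=1. ok';
  return linkifyToFragment(input, stubDocument).childNodes;
}
```

In a browser the result can be attached with `element.append(linkifyToFragment(text))`; the `<img ...>` part of the constructed input ends up as the data of a text node and is displayed literally.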