supabase / dbdev

Database Package Registry for Postgres
https://database.dev/
Apache License 2.0

docs: support github markdown #162

Open kiwicopple opened 9 months ago

kiwicopple commented 9 months ago

Chore

Describe the chore

dbdev doesn't support all of gh flavored markdown:

image

Additional context

https://database.dev/kiwicopple/supa_audit

from this extension:

https://github.com/supabase/supa_audit

imor commented 9 months ago

Looks like raw html is not supported currently. If I set skipHtml={true} in the props of the ReactMarkdown component, the above README renders correctly. But this sounds dangerous because it might open up the possibility of XSS attacks. Although I couldn't get it to render a <script> tag, so it does filter out some tags. @alaister do you know how safe it will be to set skipHtml={true}?

alaister commented 9 months ago

Yes, I think skipHtml seems to be only for trusted environments: https://github.com/remarkjs/react-markdown?tab=readme-ov-file#appendix-a-html-in-markdown

I'll investigate what the proper method is here.
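
An added example, not part of the thread and not dbdev's code: react-markdown renders embedded HTML only when the rehype-raw plugin is added, and rehype-sanitize can then filter the parsed tree against an allowlist before React renders it. The component name `ReadmeView` and the `SAMPLE_README` string are hypothetical and constructed for illustration.

```jsx
// Added example: hypothetical component, not taken from the dbdev code base.
import Markdown from 'react-markdown'
import remarkGfm from 'remark-gfm'
import rehypeRaw from 'rehype-raw'
import rehypeSanitize, { defaultSchema } from 'rehype-sanitize'

// Constructed README: benign layout HTML and a GFM table, followed by
// markup that must not reach the DOM when the README is untrusted.
const SAMPLE_README = `
<p align="center"><img src="https://example.com/logo.png" alt="logo"></p>

# demo_package

| column | type |
| ------ | ---- |
| id     | uuid |

<img src="x" onerror="alert(1)">

<a href="javascript:alert(1)">docs</a>

<script>alert(1)</script>
`

// Order matters: rehype-raw first turns the embedded HTML into real nodes,
// then rehype-sanitize filters those nodes against the allowlist schema.
// With defaultSchema (modelled on GitHub's rules) the <script> element is
// removed, the onerror attribute is dropped, and the javascript: href is
// dropped, while the centered logo and the table are kept.
const rehypePlugins = [rehypeRaw, [rehypeSanitize, defaultSchema]]

export function ReadmeView({ source = SAMPLE_README }) {
  return (
    <Markdown remarkPlugins={[remarkGfm]} rehypePlugins={rehypePlugins}>
      {source}
    </Markdown>
  )
}
```

Placing rehype-sanitize before rehype-raw would sanitize the tree while the HTML is still unparsed text, so the filter would never see the elements it is meant to check.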