wooorm / markdown-rs

CommonMark compliant markdown parser in Rust with ASTs and extensions
https://docs.rs/markdown/1.0.0-alpha.18/markdown/
MIT License
836 stars 41 forks

HTML in markdown #112

Closed: uberFoo closed 2 months ago

uberFoo commented 3 months ago

This crate quotes embedded HTML rather than passing it through, as the CommonMark crate suggests.

Am I missing an option or something?

Thanks for the help!

ChristianMurphy commented 3 months ago

Welcome @uberFoo! 👋 Sorry you ran into some confusion.

The crate does not quote the HTML; it does escape it and prevents it from opening your app up to XSS by default. https://github.com/wooorm/markdown-rs?tab=readme-ov-file#security

This can be configured with the options noted in the readme, if you trust the content being passed through.

uberFoo commented 2 months ago

Super — I must have missed that. Thank you!