Closed wooorm closed 3 years ago
Potentially outside the scope of this PR. Loading from URLs opens more potential for untrusted code to be included, which you have already noted in the docs.
This PR is set up nicely to support trusted files coming from a remote server. It could be worth seeing if some containerization could be done to limit what markdown and mdx files can access or modify. Some related projects which can help with sandboxing/containerizing code:
Last I looked, for the Security section, I found that vm2 might be the best of those. Not an expert at all though. (note: esbuild will most often be used to create browser bundles though)
I improved the note in the `allowDangerousRemoteMdx` section to link to Security.
Do you have recommendations for the Security section?
This adds support for loading MD(X) files over the wire (`https?://`). This might be interesting for folks who have files in other repos for example. Or that want to include some readme from GitHub and such. Note though that this is a) unsafe: it evals remote code, and b) experimental: Please test it out, see whether this is a good idea or not, and leave feedback!
Review w/o whitespace
See docs