to_html only converts the Markdown AST to HTML; there is no way to safely render arbitrary/user-generated HTML content with XSS protection (allowlist-based sanitization). This would pair naturally with the existing http-import/--allow-net security-conscious design of the project.
to_htmlonly converts the Markdown AST to HTML; there is no way to safely render arbitrary/user-generated HTML content with XSS protection (allowlist-based sanitization). This would pair naturally with the existinghttp-import/--allow-netsecurity-conscious design of the project.