Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
updated plugin to use markdown-it instead of remarkable, and updated …
…validateLink method to discard all data-uris, until a solution is developed upstream.
- Loading branch information
Showing
with
14 additions
and
3 deletions.
-
+13
−2
index.js
-
+1
−1
package.json
|
|
@@ -1,7 +1,7 @@ |
|
|
(function() { |
|
|
"use strict"; |
|
|
|
|
|
var Remarkable = require('remarkable'), |
|
|
var MarkdownIt = require('markdown-it'), |
|
|
fs = require('fs'), |
|
|
path = require('path'), |
|
|
url = require('url'), |
|
|
@@ -67,7 +67,18 @@ |
|
|
_self.highlight = _self.config.highlight || true; |
|
|
delete _self.config.highlight; |
|
|
|
|
|
parser = new Remarkable(_self.config); |
|
|
parser = new MarkdownIt(_self.config); |
|
|
|
|
|
// Override the link validator from MarkdownIt, so you cannot link directly to a data-uri |
|
|
parser.validateLink = function(url) { |
|
|
var BAD_PROTOCOLS = [ 'vbscript', 'javascript', 'file', 'data' ]; |
|
|
var str = url.trim().toLowerCase(); |
|
|
|
|
|
if (str.indexOf(':') >= 0 && BAD_PROTOCOLS.indexOf(str.split(':')[0]) >= 0) { |
|
|
return false; |
|
|
} |
|
|
return true; |
|
|
} |
|
|
}); |
|
|
}, |
|
|
|
|
|
|
|
|
@@ -18,7 +18,7 @@ |
|
|
"url": "https://github.com/julianlam/nodebb-plugin-markdown/issues" |
|
|
}, |
|
|
"dependencies": { |
|
|
"remarkable": "^1.3.0" |
|
|
"markdown-it": "^4.0.3" |
|
|
}, |
|
|
"nbbpm": { |
|
|
"compatibility": "^0.7.0" |
|
|
|
