From 14dadf069746b1ef1ebb9b87d549e4b0254780d8 Mon Sep 17 00:00:00 2001
From: Anton Reshetov <reshetov.art@gmail.com>
Date: Thu, 7 Jul 2022 03:54:48 +0300
Subject: [PATCH 1/3] fix(markdown): render task list

---
 src/renderer/components/markdown/TheMarkdown.vue | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/renderer/components/markdown/TheMarkdown.vue b/src/renderer/components/markdown/TheMarkdown.vue
index e7ae2f61..8d091d31 100644
--- a/src/renderer/components/markdown/TheMarkdown.vue
+++ b/src/renderer/components/markdown/TheMarkdown.vue
@@ -77,7 +77,10 @@ const getRenderer = () => {
         'src',
         'target',
         'width',
-        'class'
+        'class',
+        'type',
+        'checked',
+        'disabled'
       ]
     }
   })

From 50cb59bb321db711eda4902af54a71e9cd7e403b Mon Sep 17 00:00:00 2001
From: Anton Reshetov <reshetov.art@gmail.com>
Date: Thu, 7 Jul 2022 04:06:24 +0300
Subject: [PATCH 2/3] types(markdown): add typing

---
 src/renderer/components/markdown/TheMarkdown.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/renderer/components/markdown/TheMarkdown.vue b/src/renderer/components/markdown/TheMarkdown.vue
index 8d091d31..b7e85845 100644
--- a/src/renderer/components/markdown/TheMarkdown.vue
+++ b/src/renderer/components/markdown/TheMarkdown.vue
@@ -29,7 +29,7 @@ const snippetStore = useSnippetStore()
 const forceRefresh = ref()
 
 const init = () => {
-  const renderer = {
+  const renderer: marked.RendererObject = {
     code (code: string, lang: string) {
       if (lang === 'mermaid') {
         return `<div class="mermaid">${code}</div><br>`

From c1449eb5822ac8def43892fab3c32ba7da5e15b2 Mon Sep 17 00:00:00 2001
From: Anton Reshetov <reshetov.art@gmail.com>
Date: Thu, 7 Jul 2022 04:21:21 +0300
Subject: [PATCH 3/3] fix(markdown): narrowing available tags

---
 .../components/markdown/TheMarkdown.vue       | 66 ++++++++++++++++++-
 1 file changed, 65 insertions(+), 1 deletion(-)

diff --git a/src/renderer/components/markdown/TheMarkdown.vue b/src/renderer/components/markdown/TheMarkdown.vue
index b7e85845..4de69cf9 100644
--- a/src/renderer/components/markdown/TheMarkdown.vue
+++ b/src/renderer/components/markdown/TheMarkdown.vue
@@ -66,7 +66,71 @@ onMounted(() => {
 const getRenderer = () => {
   const raw = marked.parse(props.value)
   const html = sanitizeHtml(raw, {
-    allowedTags: false,
+    allowedTags: [
+      'h1',
+      'h2',
+      'h3',
+      'h4',
+      'h5',
+      'h6',
+      'h7',
+      'h8',
+      'br',
+      'b',
+      'i',
+      'strong',
+      'em',
+      'a',
+      'pre',
+      'code',
+      'img',
+      'tt',
+      'div',
+      'ins',
+      'del',
+      'sup',
+      'sub',
+      'p',
+      'ol',
+      'ul',
+      'table',
+      'thead',
+      'tbody',
+      'tfoot',
+      'blockquote',
+      'dl',
+      'dt',
+      'dd',
+      'kbd',
+      'q',
+      'samp',
+      'var',
+      'hr',
+      'ruby',
+      'rt',
+      'rp',
+      'li',
+      'tr',
+      'td',
+      'th',
+      's',
+      'strike',
+      'summary',
+      'details',
+      'caption',
+      'figure',
+      'figcaption',
+      'abbr',
+      'bdo',
+      'cite',
+      'dfn',
+      'mark',
+      'small',
+      'span',
+      'time',
+      'wbr',
+      'input'
+    ],
     allowedAttributes: {
       '*': [
         'align',