Skip to content
sanitizer for markdown-it.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
dist
test
.eslintignore
.eslintrc.yml
.gitignore
.npmignore
.travis.yml
CHANGELOG.md
LICENSE
Makefile
README.md
bower.json
index.js
package.json

README.md

markdown-it-sanitizer

Build Status Coverage Status npm version

sanitizer plugin for markdown-it markdown parser.

Accepted tags

All tags are parsed case insensitive.

Balanced

<b>, <blockquote>, <code>, <em>, <h1>, ..., <h6>, <li>, <ol>, <ol start="42">, <p>, <pre>, <sub>, <sup>, <strong>, <strike>, <ul>

Standalone

<br>, <hr>

Links

<a href="http://example.com" title="link">text</a>

The title attribute is optional.

Images

<img src="http://example.com" alt="cat" title="image">

The alt and title attributes are optional.

Install

node.js, bower:

npm install markdown-it-sanitizer --save
bower install markdown-it-sanitizer --save

Use

Basic

var md = require('markdown-it')({ html: true })
            .use(require('markdown-it-sanitizer'));

md.render('<b>test<p></b>'); // => '<p><b>test</b></p>'

Advanced

For not whitelisted tags and tags that don't have a matching opening/closing tag you can define whether you would like to remove or escape them. You can also define a class attribute that will be added to image tags. Here is an example with default values:

var md = require('markdown-it')({ html: true })
            .use(require('markdown-it-sanitizer'), {
              imageClass: '',
              removeUnbalanced: false,
              removeUnknown: false
            });

// unknown tag
md.render('<u>test</u>'); // => '<p>&lt;u&gt;test&lt;/u&gt;</p>'
// unknown tag with removeUnknown: true
md.render('<u>test</u>'); // => '<p>test</p>'

// unbalanced tags
md.render('<b>test</em>'); // => '<p>&lt;b&gt;test&lt;/em&gt;</p>'
// unbalanced tags with removeUnbalanced: true
md.render('<b>test</em>'); // => '<p>test</p>'

// imageClass: 'img-responsive'
md.render('<img src="http://example.com/image.png" alt="image" title="example">'); // => '<p><img src="http://example.com/image.png" alt="image" title="example" class="img-responsive"></p>'

Differences in the browser. If you load the script directly into the page, without package system, the module will add itself globally as window.markdownitSanitizer.

License

MIT

You can’t perform that action at this time.