azu / safe-marked

Licence: MIT license
Markdown to HTML using marked and DOMPurify. Safe by default.

safe-marked

Convert Markdown to HTML using marked and DOMPurify.

Motivation

marked does not sanitize its output by default, and it will remove the sanitize option in the future.

We want a safe and easy-to-use library that converts Markdown to HTML.

Features

  • Convert Markdown to HTML using marked
  • Safe by default
  • Type Safe by default
    • This library is written in TypeScript
  • Works in browsers and Node.js

Size

  package           size      minified  gzipped
  safe-marked       90.15 KB  39.36 KB  13.82 KB (browser bundle size)
  [email protected]      45.05 KB  23.87 KB  7.87 KB
  [email protected]  45.21 KB  15.3 KB   5.99 KB
  
  # Other Markdown library  
  [email protected]  325.52 KB  92.69 KB  32.77 KB
  [email protected]     157.28 KB  71.06 KB  23.55 KB

Install

Install with npm:

npm install safe-marked

Usage

import { createMarkdown } from "safe-marked";
const markdown = createMarkdown();
const html = markdown(`# Header

This is [CommonMark](https://commonmark.org/) text.
`);
console.log(html); 
/* <h1 id="header">Header</h1>
   <p>This is <a href="https://commonmark.org/">CommonMark</a> text.</p>
*/

The output is sanitized by default.

import assert from "assert";
import { createMarkdown } from "safe-marked";
const markdown = createMarkdown();
const html = markdown(`<script>alert(1)</script>
<iframe src="https://example.com"></iframe>

This is [XSS](javascript:alert(1))`);
// sanitized by default
assert.strictEqual(html, `

<p>This is <a>XSS</a></p>
`);

Options

You can pass options through to these libraries.

An example for options:

import assert from "assert";
import { createMarkdown } from "safe-marked";
const markdown = createMarkdown({
    // same options for https://marked.js.org/#/USING_ADVANCED.md
    marked: {
        headerIds: false
    },
    // same options for https://github.com/cure53/DOMPurify
    dompurify: {
        ADD_TAGS: ["iframe"]
    }
});
const html = markdown(`# Header

<iframe src="https://example.com"></iframe>
This is [CommonMark](https://commonmark.org/) text.
`);
assert.strictEqual(html, `<h1>Header</h1>
<iframe src="https://example.com"></iframe>
This is [CommonMark](https://commonmark.org/) text.
`);
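
The dompurify option shown above admits iframe elements, and nothing in that configuration restricts where src points. The following is an added example, not part of safe-marked: a dependency-free check for a test suite that scans rendered HTML and reports anything outside the policy you intended. The auditHtml function and its allowedIframeHosts parameter are hypothetical names; the first two sample strings are the outputs asserted in this README, the third is constructed.

```javascript
// Added example, not safe-marked code. A string-level tripwire for tests:
// it does not parse the DOM and is no substitute for DOMPurify itself.
const FORBIDDEN_TAGS = ["script", "object", "embed"];
const BAD_SCHEME = /^(javascript|vbscript):/;
const TAG = /<([a-zA-Z][\w-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
const URL_ATTR = /\s(href|src|action|formaction)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi;

// Returns a list of findings; an empty list means nothing was flagged.
// allowedIframeHosts is a hypothetical policy knob for this example.
function auditHtml(html, { allowedIframeHosts = [] } = {}) {
    const findings = [];
    for (const [, rawName, attrs] of html.matchAll(TAG)) {
        const name = rawName.toLowerCase();
        if (FORBIDDEN_TAGS.includes(name)) findings.push(`forbidden tag <${name}>`);
        // Inline handlers (onclick=, onerror=, ...). May over-report on quoted text.
        if (/\son[a-z]+\s*=/i.test(attrs)) findings.push(`event handler on <${name}>`);
        if (/\ssrcdoc\s*=/i.test(attrs)) findings.push(`srcdoc on <${name}>`);
        let iframeHost = null;
        for (const [, attr, raw] of attrs.matchAll(URL_ATTR)) {
            const value = raw.replace(/^["']|["']$/g, "");
            // URL parsing drops tabs, newlines and leading controls; strip them all here.
            const compact = value.replace(/[\u0000-\u0020]/g, "").toLowerCase();
            if (BAD_SCHEME.test(compact)) findings.push(`${attr}="${value}" on <${name}>`);
            if (name === "iframe" && attr.toLowerCase() === "src") {
                try {
                    const url = new URL(value);
                    if (url.protocol === "https:") iframeHost = url.hostname;
                } catch { /* relative or malformed URL: treated as not allowlisted */ }
            }
        }
        if (name === "iframe" && !allowedIframeHosts.includes(iframeHost)) {
            findings.push(`iframe source not allowlisted: ${iframeHost}`);
        }
    }
    return findings;
}

// Outputs copied from the two assertions in this README.
const defaultOutput = `\n\n<p>This is <a>XSS</a></p>\n`;
const iframeOutput = `<h1>Header</h1>
<iframe src="https://example.com"></iframe>
This is [CommonMark](https://commonmark.org/) text.
`;
// Constructed sample: what an unsanitized renderer could emit for the same input.
const unsanitized = `<script>alert(1)</script>\n<p><a href="javascript:alert(1)">XSS</a></p>`;

console.log(auditHtml(defaultOutput), auditHtml(iframeOutput), auditHtml(unsanitized));
```

In a real test, pass the string returned by createMarkdown(options)(input) to auditHtml and assert that the findings list is empty for your policy.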

FAQ

Does safe-marked always include jsdom?

No. safe-marked has two types of entry points.

  • Node.js
  • Browser

The browser entry point does not include jsdom; it just uses marked + DOMPurify.

Changelog

See Releases page.

Running tests

Install devDependencies and run npm test:

npm test

Contributing

Pull requests and stars are always welcome.

For bugs and feature requests, please create an issue.

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request :D

License

MIT © azu
