From 925d9624d5550f5166849407dc92d0df84389c75 Mon Sep 17 00:00:00 2001
From: creesch
Date: Wed, 26 Jul 2023 19:41:57 +0200
Subject: [PATCH] Allow limited set of markdown in title rendering (#1977)

---
 src/shared/markdown.ts | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/shared/markdown.ts b/src/shared/markdown.ts
index 33afd716..142000d8 100644
--- a/src/shared/markdown.ts
+++ b/src/shared/markdown.ts
@@ -23,6 +23,14 @@ export let md: MarkdownIt = new MarkdownIt();
 
 export let mdNoImages: MarkdownIt = new MarkdownIt();
 
+// Zero disables all rules.
+// Only explicitly allow a limited set of rules safe for use in post titles.
+export const mdLimited: MarkdownIt = new MarkdownIt("zero").enable([
+  "emphasis",
+  "backticks",
+  "strikethrough",
+]);
+
 export const customEmojis: EmojiMartCategory[] = [];
 
 export let customEmojisLookup: Map = new Map<
@@ -43,7 +51,7 @@ export function mdToHtmlNoImages(text: string) {
 }
 
 export function mdToHtmlInline(text: string) {
-  return { __html: md.renderInline(text) };
+  return { __html: mdLimited.renderInline(text) };
 }
 
 const spoilerConfig = {
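Review bot: The comment above `mdLimited` calls the three enabled rules safe for titles, but it does not state the property that makes the output safe to place in `__html`: the `"zero"` preset also leaves the `html` option off, so raw tags in a title are escaped by the renderer rather than passed through. I would add a line such as `// "zero" also keeps html: false, so raw HTML is escaped; do not enable html_inline, link or image here.` so a later edit to the allow-list does not silently widen what reaches the DOM. `mdLimited` is an `export const` while `md` and `mdNoImages` are `export let`, which suggests the other two are rebuilt elsewhere with plugins; if so, the comment should also say that those plugins are intentionally not applied to titles.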
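Review bot: `mdToHtmlInline` keeps its generic name but now renders with the title-only rule set, so any caller that is not a post title loses links and whatever else `md` provided, and nothing at the definition says so. A doc comment would make the contract explicit, for example `/** Renders post-title markdown: emphasis, backticks and strikethrough only; all other input is emitted as escaped text. */`. Because the return value is handed to `__html`, a small unit test asserting that a title containing a raw tag comes back escaped would pin the behaviour this commit relies on. The callers are outside this hunk, so whether any non-title use exists needs checking.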