Allow limited set of markdown in title rendering (#1977)

creesch 2023-07-26 19:41:57 +02:00 committed by GitHub
parent a67c70a449
commit 925d9624d5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -23,6 +23,14 @@ export let md: MarkdownIt = new MarkdownIt();
export let mdNoImages: MarkdownIt = new MarkdownIt(); export let mdNoImages: MarkdownIt = new MarkdownIt();
// Zero disables all rules.
// Only explicitly allow a limited set of rules safe for use in post titles.
export const mdLimited: MarkdownIt = new MarkdownIt("zero").enable([
"emphasis",
"backticks",
"strikethrough",
]);
export const customEmojis: EmojiMartCategory[] = []; export const customEmojis: EmojiMartCategory[] = [];
export let customEmojisLookup: Map<string, CustomEmojiView> = new Map< export let customEmojisLookup: Map<string, CustomEmojiView> = new Map<
@ -43,7 +51,7 @@ export function mdToHtmlNoImages(text: string) {
} }
export function mdToHtmlInline(text: string) { export function mdToHtmlInline(text: string) {
return { __html: md.renderInline(text) }; return { __html: mdLimited.renderInline(text) };
} }
const spoilerConfig = { const spoilerConfig = {
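Review bot: The `__html` value returned by `mdToHtmlInline` is safe only because the "zero" preset leaves raw HTML off and the three enabled rules produce plain tags with no user-controlled attributes, and neither assumption is stated or enforced where `mdLimited` is defined. Passing the option explicitly, `new MarkdownIt("zero", { html: false }).enable([...])`, and extending the comment with `// Output is injected as raw HTML: never enable html, link or image rules here.` would stop a later edit from widening the allow-list unnoticed. A unit test asserting that a title containing an HTML tag or a `[text](url)` link comes back as escaped or literal text would pin the behaviour. If the other renderers in this file are reconfigured at runtime (they are declared with `let`), it is also worth confirming that no setup code applies plugins to `mdLimited`.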