Skip to content

Commit

Permalink
docs: add js-xss to sanitizer warning (#2484)
Browse files Browse the repository at this point in the history 
close: #2482
  • Loading branch information
@vhscom
vhscom authored May 29, 2022
1 parent b01ae92 commit d27be83
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/INDEX.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ These documentation pages are also rendered using marked 💯

<h2 id="usage">Usage</h2>

### Warning: 🚨 Marked does not [sanitize](/using_advanced#options) the output HTML. Please use a sanitize library, like [DOMPurify](https://github.com/cure53/DOMPurify) (recommended), [sanitize-html](https://github.com/apostrophecms/sanitize-html) or [insane](https://github.com/bevacqua/insane) on the *output* HTML! 🚨
### Warning: 🚨 Marked does not [sanitize](/using_advanced#options) the output HTML. If you are processing potentially unsafe strings, it's important to filter for possible XSS attacks. Some filtering options include [DOMPurify](https://github.com/cure53/DOMPurify) (recommended), [js-xss](https://github.com/leizongmin/js-xss), [sanitize-html](https://github.com/apostrophecms/sanitize-html) and [insane](https://github.com/bevacqua/insane) on the *output* HTML! 🚨

```
DOMPurify.sanitize(marked.parse(`<img src="x" onerror="alert('not happening')">`));
Expand Down

1 comment on commit d27be83

@vercel
Copy link

@vercel vercel bot commented on d27be83 May 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Successfully deployed to the following URLs:

marked-website – ./

marked-website-git-master-markedjs.vercel.app
marked.js.org
marked-website-markedjs.vercel.app
markedjs.vercel.app

Please sign in to comment.