Pacharapol Withayasakpunt Pacharapol Withayasakpunt
Thu 30 April 2020

You can use any markdown implementation, including MarkdownIt, but first you have to make it insecure first, by allowing HTML.

const markdownIt = MarkdownIt({
  html: true

Then, use DOMPurify, but allow <iframe> tag, including related attributes.

Then, sanitize insecure iframes later.

DOMPurify.addHook('uponSanitizeElement', (node, data) => {
  if (data.tagName === 'iframe') {
    const src = node.getAttribute('src') || ''
    if (!src.startsWith('')) {
      return node.parentNode?.removeChild(node)
Pacharapol Withayasakpunt Pacharapol Withayasakpunt
Mon 27 April 2020

The website is

ZhQuiz - Hanzi, Vocab and Sentences quizzing

Hanzi, Vocab and Sentences quizzing system

Sorry, there is not landing page yet, just login and do the personalized quiz.

I hosted the container on Google Cloud Run, which the price seems much more reasonable than Heroku Hobby.

Domain name was purchased on Namecheap for $ 8 /year.

The stacks are

  • Node.js (Fastify + firebase-admin)
  • Vue + Firebase Auth
  • MongoDB Atlas

Now the foremost, and most important is

  • Sometimes the website is not accessible on mobile.
  • Cannot access with www. (do you need one these days?)

A little less important, not pressing right now is

  • MongoDB Atlas security

What do you recommend, as this is the first time hosting a container. It was much easier for static sites on Netlify (

Pacharapol Withayasakpunt Pacharapol Withayasakpunt
Thu 23 April 2020

This might not be something so special, but I bet not everyone knows.

Running *.ts files directly

Use ts-node instead of node, and ts-node-dev instead of nodemon.

Cannot run ts-node due to import syntaxes? No problemo, try this

ts-node -O '{"module": "commonjs"}' scripts/example.ts

I do not recommend you use ts-node in production.