Tag: markdown

Pacharapol Withayasakpunt Pacharapol Withayasakpunt
Thu 30 April 2020

You can use any markdown implementation, including MarkdownIt, but first you have to make it insecure first, by allowing HTML.

const markdownIt = MarkdownIt({
  html: true
})

Then, use DOMPurify, but allow <iframe> tag, including related attributes.

Then, sanitize insecure iframes later.

DOMPurify.addHook('uponSanitizeElement', (node, data) => {
  if (data.tagName === 'iframe') {
    const src = node.getAttribute('src') || ''
    if (!src.startsWith('https://www.youtube.com/embed/')) {
      return node.parentNode?.removeChild(node)
    }
  }
})
Pacharapol Withayasakpunt Pacharapol Withayasakpunt
Sat 4 January 2020

What is Pug

Pug is a high-performance template engine heavily influenced by Haml and implemented with JavaScript for Node.js and browsers.

Pug uses whitespace syntax, and is Tab / Space -sensitive, just like Markdown and Python

Pug is mainly a template engine for Node.js, and cannot be installed for Webpack via NPM/Yarn, however there is https://github.com/pugjs/pug#browser-support but it is a very large file. However, I created HyperPug a while ago, and it is relatively small.

Pacharapol Withayasakpunt Pacharapol Withayasakpunt
Tue 9 July 2019
Injecting unsafe HTML into Bolt entries + CodeMirror/UIKit editor

By default, both Markdown field and HTML field is available for Bolt CMS, but sanitation is done before inserting into the database, making rendering of certain elements impossible; especially, for those starting with < (Unless you use &lt;).

So, I fixed this while preserving the editor (CodeMirror/UIKit) here.

patarapolw/bolt-markup

patarapolw/bolt-markup

Bolt extension to insert unsafe markdown and HTML, while preserving the editor - patarapolw/bolt-markup