Is there a way to white-list specific HTML tags when sanitize is true?

[chevcast]

I love the sanitize feature and most markdown libraries don't include it or do it very badly. However, there is one feature that Marked does not have that my previous library did, the ability to white-list specific tags or a default set of tags (see node-markdown). Is it possible to have this added to Marked?

This library is the best javascript markdown library I've seen. The main attraction for me is the ability to use it on the server and on the client so I can generate Markdown previews for the user without making ajax calls or having differences between the client library and the server library. If I can just enable specific tags when sanitize is true that would complete the library for me.

[chjj]

This should actually be fairly simple. I'll mess around with something.

[matthewmueller]

+1

[martindale]

+1. This would be fantastic.

[passsy]

+1 push

[jonathanong]

+1

[AdrianoFerrari]

+1

[chevcast]

Seeing as how this isn't in there quite yet I'll try and take a stab at doing it myself sometime this week for you guys. I don't know the code yet so be patient. Hopefully I can figure out how to white-list specific tags and make this the most complete JS markdown library out there :D. I'll link to the fork here when I'm finished.

[Soleone]

yes please, 👍 for whitelist of tags i want to enable markdown for and others (e.g. images using ![text](link) I don't want to support)

[adius]

Why exactly was this issue closed? Seems still to be relevant to me!

[chevcast]

Wondered that myself. sad face

[chevcast]

Well it's not closed, but it was supposedly simple to implement.

[adius]

Oh right, the referenced issue is closed. Got it =P.
Well, then I'll just give a +1 cause I'd still like to see this feature implemented! =)

[gkoberger]

Another +1 on this.

[markstos]

+1

[j127]

This feature would be very useful.

[markstos]

A workaround is to not use the sanitize feature of Markdown, but instead pass the resulting HTML through a tool that focuses just on HTML sanitizing, like the insane module. It works out being about the same amount of code and configuration, and yes the insane module supports custom whitelists both tags and attributes.

The Markdown spec does not include any notion of HTML sanitizing. Sanitizing is a separate task that is well served by using a separate module.

[j127]

@markstos - thanks

[styfle]

I think @markstos is correct, using a 3rd party sanitizer is the solution here instead of adding a new feature.

I'm closing this in favor of #1232 which is a discussion about external sanitizers and deprecation of the internal sanitizer.