Release v0.7.0 #1519
Lots of good stuff in here!
Also, I think that the release notes or documentation should include a migration guide from
@azu the documentation for the sanitize option lists a few other libraries that do a much better job sanitizing html.
@UziTech Yes, I know. I've tried to use marked@0.7 and DOMPurify, but this combination has a bit complex context.
The browser environment does not need jsdom, but the Node.js env does need jsdom.

```
if (THIS_ENV_IS_NODE) {
  return marked + dompurify + jsdom
} else {
  return marked + dompurify
}
```

So, I've created a wrapper library for optimizing Browser and Node.js. safe-marked is a wrapper library of marked, DOMPurify, and jsdom. This wrapper aims to reduce package size for the browser.
Conclusion

The documentation just says the following

After using marked + DOMPurify, I feel that it is hard to use. However, the documentation is not a fundamental solution. Thanks.

📝 Note: The size of the recommended libraries: sanitize-html is too large. insane looks like it is not maintained and has some problems.
Also, I love package size of
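
The environment split described in the comment above, as an added example that is not part of this thread and is not safe-marked's own code. `createSafeMarked` and `resolveWindow` are hypothetical names; the block assumes the npm packages marked 0.7.x (whose module export is the render function), dompurify and, for Node.js only, jsdom.

```javascript
// Added example. createSafeMarked and resolveWindow are hypothetical names.
// Assumes npm packages: marked 0.7.x (module export is the render function),
// dompurify, and, in Node.js only, jsdom.

// Return a DOM window for DOMPurify: the real one in a browser, a jsdom one in Node.js.
function resolveWindow(env = globalThis) {
  if (env.window && env.window.document) {
    return env.window; // browser: jsdom is never loaded at runtime
  }
  const { JSDOM } = require('jsdom'); // Node.js: DOMPurify has no DOM to work with otherwise
  return new JSDOM('').window;
}

// Build a render function. Dependencies may be injected (useful in tests);
// anything not injected is loaded lazily with require().
function createSafeMarked(deps = {}) {
  const marked = deps.marked || require('marked');
  const createDOMPurify = deps.createDOMPurify || require('dompurify');
  // One DOMPurify instance, bound to one window, reused for every call.
  const purify = createDOMPurify(deps.window || resolveWindow());

  return function safeMarked(markdown, markedOptions = {}) {
    // Sanitize marked's HTML output, never the Markdown input: only the
    // rendered HTML shows what the browser will actually parse.
    const rawHtml = marked(String(markdown), markedOptions);
    return purify.sanitize(rawHtml);
  };
}

// Usage (Node.js with the packages above installed):
//   const render = createSafeMarked();
//   const html = render('# Title');
```
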
We are always taking pull requests 😁
Release v0.7.0

Release Notes

Security
- `paragraph` and `text` tokens (Sanitize hardening #1504)

Breaking Changes
- `sanitize` and `sanitizer` options (Sanitize hardening #1504)
- `fences` to CommonMark (use correct options in specs #1511)
- `tables` to GFM (use correct options in specs #1511)
- `tables` option (use correct options in specs #1511)

Fixes

Tests

Publisher
- `$ npm version` has been run.
- `master` with correct version number.
- `$ npm publish` has been run.

Note: If merges to `master` occur after submitting this PR and before running `$ npm publish` you should be able to `upstream/master` (`git pull upstream master`) into the branch holding this version, `$ npm run build` to regenerate the `min` file, and

Committer

In most cases, this should be someone different than the publisher.
- `package.json` has been updated (see PUBLISHING.md).
- `marked.min.js` has been updated; or,