You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Allow modifying HTML attribute sanitization when `options.sanitizer` is passed by the composer.
By default a lightweight URL sanitizer function is provided to avoid common attack vectors that might be placed into the `href` of an anchor tag, for example. The sanitizer receives the input, the HTML tag being targeted, the attribute name, and the default sanitizer as a fallback if you only need special handling for certain cases.
By default a lightweight URL sanitizer function is provided to avoid common attack vectors that might be placed into the `href` of an anchor tag, for example. The sanitizer receives the input, the HTML tag being targeted, and the attribute name. The original function is available as a library export called `sanitizer`.
This can be overridden and replaced with a custom sanitizer if desired via `options.sanitizer`:
```jsx
// sanitizer in this situation would receive:
// ('javascript:alert("foo")', 'a', 'href', fn)
// ('javascript:alert("foo")', 'a', 'href')
;<Markdown options={{ sanitizer: (value, tag, attribute, defaultFn) => value }}>
;<Markdown options={{ sanitizer: (value, tag, attribute) => value }}>
