Research
Security News
The Growing Risk of Malicious Browser Extensions
Socket researchers uncover how browser extensions in trusted stores are used to hijack sessions, redirect traffic, and manipulate user behavior.
By Kush Pandya - Jun 13, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@intcreator/markdown-element
Advanced tools
<markdown-element>
A lit-html element that renders Markdown using Commonmark.js. This is a replacement for the Polymer sponsored <marked-element>. <marked-element> uses the somewhat outdated Marked parser, while <markdown-element> uses the up to date and better maintained Commonmark parser.
This element is designed to be used with Polymer 3 projects. If you want to use it elsewhere or figured out how to easily set it up by itself, please open an issue.
Set up
Install and save to package.json:
npm i --save @intcreator/markdown-element
Import where needed:
import '@intcreator/markdown-element';
Usage
markdown attribute
The markdown source is taken directly from the markdown attribute supplied to the element. The markdown supplied can be dynamically updated to change the rendered markdown.
<markdown-element markdown="This **demo** uses the `markdown` _attribute_, not `src`"></markdown-element>
src attribute
The src attribute can be used to load a markdown file through AJAX. It overrides the markdown attribute. The source can be dynamically updated to change the markdown file displayed.
<markdown-element src="./demo.md"></markdown-element>
<script> tag
A <script> tag can be inserted inside of the <markdown-element> to provide the markdown source. It overrides the markdown and src attributes. Support for changing this markdown source dynamically is not yet implemented.
<markdown-element>
<script type="text/markdown">
This demo uses a `<script>` tag.
</script>
</markdown-element>
Properties
safe
Use the safe property if you are accepting user input that cannot be trusted (to prevent XSS attacks). This will prevent raw HTML and links beginning in javascript:, vbscript:, etc. from being rendered. For more details, see the Commonmark.js README explanation of safe.
<markdown-element safe>
<script type="text/markdown">
This <button onclick="alert('JavaScript executed')">button</button> is evil
</script>
</markdown-element>
Roadmap to 1.0
Here are a few issues that need to be resolved before the 1.0 release:
- Dynamically update markdown when changed in the script tag (if possible) or find another way to dynamically update multiline-markdown
Contributing
Let's make this element even better! Want to help? Found a problem? Open an issue or contact me on the Polymer Slack, Twitter, etc. @intcreator.
FAQs
A Markdown renderer that uses the Commonmark spec
The npm package @intcreator/markdown-element receives a total of 71 weekly downloads. As such, @intcreator/markdown-element popularity was classified as not popular.
We found that @intcreator/markdown-element demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 12 Jul 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
2025 Blockchain and Cryptocurrency Threat Report: Malware in the Open Source Supply Chain
An in-depth analysis of credential stealers, crypto drainers, cryptojackers, and clipboard hijackers abusing open source package registries to compromise Web3 development environments.
By Kirill Boychenko - Jun 12, 2025
Security News
pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs
pnpm 10.12.1 introduces a global virtual store for faster installs and new options for managing dependencies with version catalogs.
By Sarah Gooding - Jun 11, 2025