commonmark-react-renderer
@@ -5,2 +5,15 @@ # Change Log | ||
## [3.0.2] - 2016-02-21 | ||
### Changes | ||
- The default URI transformer no longer applies double URI-encoding. | ||
## [3.0.1] - 2016-02-21 | ||
### Added | ||
- The default URI transformer is now exposed on the `uriTransformer` property of the renderer, allowing it to be reused. | ||
- Documentation for `transformLinkUri`-option. | ||
## [3.0.0] - 2016-02-21 | ||
@@ -20,3 +33,3 @@ | ||
- New `unwrapDisallowed` option allows you to select if the contents of a disallowed node should be "unwrapped" (placed into the disallowed node position). For instance, setting this option to true and disallowing a link would still render the text of the link, instead of the whole link node and all it's children disappearing. (Espen Hovlandsdal) | ||
- New `transformLinkUri` option allows you to transform URIs in links. By default, an XSS-filter is used, but you could also use this for use cases like transforming absolute to relative URLs, or similar. | ||
- New `transformLinkUri` option allows you to transform URIs in links. By default, an XSS-filter is used, but you could also use this for use cases like transforming absolute to relative URLs, or similar. (Espen Hovlandsdal) | ||
@@ -23,0 +36,0 @@ ## [2.2.2] - 2016-01-22 |
{ | ||
"name": "commonmark-react-renderer", | ||
"description": "React renderer for CommonMark (rationalized Markdown)", | ||
"version": "3.0.0", | ||
"version": "3.0.2", | ||
"keywords": [ | ||
@@ -6,0 +6,0 @@ "commonmark", |
@@ -50,2 +50,3 @@ # commonmark-react-renderer | ||
* `renderers` - *object* An object where the keys represent the node type and the value is a React component. The object is merged with the default renderers. The props passed to the component varies based on the type of node. See the `Type renderer options` section below for more details. | ||
* `transformLinkUri` - *function|null* Function that gets called for each encountered link with a single argument - `uri`. The returned value is used in place of the original. The default link URI transformer acts as an XSS-filter, neutralizing things like `javascript:`, `vbscript:` and `file:` protocols. If you specify a custom function, this default filter won't be called, but you can access it as `require('commonmark-react-renderer').uriTransformer`. If you want to disable the default transformer, pass `null` to this option. | ||
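Review bot: The `transformLinkUri` entry says that with a custom function "this default filter won't be called", but it does not spell out the consequence. A transformer written for the non-security use case the changelog mentions (absolute to relative URLs) silently drops the `javascript:`, `vbscript:` and `file:` protection unless it calls the default itself. Suggest saying explicitly that a custom function should pass its result through `require('commonmark-react-renderer').uriTransformer` before returning it, and that `null` is only appropriate when every link URI in the input is trusted. It would also help to say what "neutralizing" means for the caller, i.e. what the returned URI looks like for a blocked protocol.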
@@ -52,0 +53,0 @@ ## Type renderer options |
@@ -242,3 +242,6 @@ 'use strict'; | ||
var url = uri.replace(/file:\/\//g, 'x-file://'); | ||
return xssFilters.uriInDoubleQuotedAttr(url); | ||
// React does a pretty swell job of escaping attributes, | ||
// so to prevent double-escaping, we need to decode | ||
return decodeURI(xssFilters.uriInDoubleQuotedAttr(url)); | ||
} | ||
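Review bot: In `return decodeURI(xssFilters.uriInDoubleQuotedAttr(url));` the decode runs after the XSS filter, so the value handed to React is no longer the string the filter produced, and the two-line comment does not explain why undoing part of the filter's output is safe. Two gaps to close before merging: `decodeURI` throws `URIError` on a malformed percent sequence and nothing here catches it, so if the filter can pass such a sequence through, one bad link would abort rendering; and the diff shows no test asserting that `javascript:`, `vbscript:` and `file:` URIs are still neutralized in the decoded result. Suggest wrapping the decode in a try/catch that falls back to the undecoded filter output, and adding tests for a link with percent-encoded characters and for each blocked protocol. The comment should also finish its sentence ("we need to decode" what, and why that cannot reintroduce a blocked scheme).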
@@ -299,3 +302,4 @@ | ||
ReactRenderer.renderers = defaultRenderers; | ||
ReactRenderer.uriTransformer = defaultLinkUriFilter; | ||
module.exports = ReactRenderer; |
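Review bot: `ReactRenderer.uriTransformer = defaultLinkUriFilter;` gives the same function a third name: the option is `transformLinkUri`, the internal function is `defaultLinkUriFilter`, and the public property is `uriTransformer`. Since callers are told to reuse this as their XSS filter, a name that says it is the default filter would make call sites easier to audit. The property is also a plain writable assignment on the exported constructor; add a short comment stating whether reassigning it is meant to change the renderer's default, so consumers do not assume it does (or does not).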
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package