markdown-it-sanitizer
Advanced tools
sanitizer plugin for markdown-it markdown parser.
All tags are parsed case insensitive.
<b>, <blockquote>, <code>, <em>, <h1>, ..., <h6>, <li>, <ol>, <ol start="42">, <p>, <pre>, <sub>, <sup>, <strong>, <strike>, <ul>
<br>, <hr>
<a href="http://example.com" title="link">text</a>
The title attribute is optional.
<img src="http://example.com" alt="cat" title="image">
The alt and title attributes are optional.
node.js, bower:
npm install markdown-it-sanitizer --save
bower install markdown-it-sanitizer --save
var md = require('markdown-it')({ html: true })
.use(require('markdown-it-sanitizer'));
md.render('<b>test<p></b>'); // => '<p><b>test</b></p>'
For not whitelisted tags and tags that don't have a matching opening/closing tag you can define whether you would like to remove or escape them. You can also define a class attribute that will be added to image tags. Here is an example with default values:
var md = require('markdown-it')({ html: true })
.use(require('markdown-it-sanitizer'), {
imageClass: '',
removeUnbalanced: false,
removeUnknown: false
});
// unknown tag
md.render('<u>test</u>'); // => '<p><u>test</u></p>'
// unknown tag with removeUnknown: true
md.render('<u>test</u>'); // => '<p>test</p>'
// unbalanced tags
md.render('<b>test</em>'); // => '<p><b>test</em></p>'
// unbalanced tags with removeUnbalanced: true
md.render('<b>test</em>'); // => '<p>test</p>'
// imageClass: 'img-responsive'
md.render('<img src="http://example.com/image.png" alt="image" title="example">'); // => '<p><img src="http://example.com/image.png" alt="image" title="example" class="img-responsive"></p>'
Differences in the browser. If you load the script directly into the page, without
package system, the module will add itself globally as window.markdownitSanitizer.
FAQs
sanitizer for markdown-it.
The npm package markdown-it-sanitizer receives a total of 10,445 weekly downloads. As such, markdown-it-sanitizer popularity was classified as popular.
We found that markdown-it-sanitizer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.