remark-stringify
Comparing version 7.0.1 to 7.0.2
{ | ||
"name": "remark-stringify", | ||
"version": "7.0.1", | ||
"version": "7.0.2", | ||
"description": "remark plugin to compile Markdown", | ||
@@ -5,0 +5,0 @@ "license": "MIT", |
@@ -90,2 +90,3 @@ # remark-stringify | ||
* [`function visitor(node[, parent])`](#function-visitornode-parent) | ||
* [Security](#security) | ||
* [Contribute](#contribute) | ||
@@ -279,2 +280,12 @@ * [License](#license) | ||
## Security | ||
As Markdown is sometimes used for HTML, and improper use of HTML can open you up | ||
to a [cross-site scripting (XSS)][xss] attack, use of remark can also be unsafe. | ||
When going to HTML, use remark in combination with the [**rehype**][rehype] | ||
ecosystem, and use [`rehype-sanitize`][sanitize] to make the tree safe. | ||
Use of remark plugins could also open you up to other attacks. | ||
Carefully assess each plugin and the risks involved in using them. | ||
## Contribute | ||
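Review bot: The new Security section speaks about "use of remark" in general and only covers the case of "going to HTML"; it does not say what applies to this package, which the description calls a "remark plugin to compile Markdown". Consider adding one sentence on how a user of remark-stringify should treat its output, and stating where in the pipeline `rehype-sanitize` has to run, since "use `rehype-sanitize` to make the tree safe" leaves the ordering relative to other plugins open. "Other attacks" in the second paragraph is also too vague to act on; naming at least one class of risk would give readers something to assess plugins against.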
@@ -367,1 +378,7 @@ | ||
[string-length]: https://github.com/wooorm/markdown-table#stringlengthcell | ||
[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting | ||
[rehype]: https://github.com/rehypejs/rehype | ||
[sanitize]: https://github.com/rehypejs/rehype-sanitize |
// TypeScript Version: 3.0 | ||
import {Attacher, Compiler, Processor} from 'unified' | ||
import {Compiler, Processor, Plugin} from 'unified' | ||
import {Node, Parent} from 'unist' | ||
@@ -14,3 +14,3 @@ | ||
declare namespace remarkStringify { | ||
interface Stringify extends Attacher<[Partial<RemarkStringifyOptions>]> { | ||
interface Stringify extends Plugin<[Partial<RemarkStringifyOptions>?]> { | ||
Compiler: typeof RemarkCompiler | ||
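Review bot: In the `Stringify` interface, the settings tuple changes from `[Partial<RemarkStringifyOptions>]` to `[Partial<RemarkStringifyOptions>?]` together with the switch from `Attacher` to `Plugin`, which alters the public typings in a patch release (7.0.1 to 7.0.2), and no type test is visible in this diff. Please add a typings test that covers using the plugin both without options and with a partial options object, and confirm that the optional tuple element compiles under the declared `// TypeScript Version: 3.0`. A changelog line would also help consumers who referenced `Attacher` through this type.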
@@ -17,0 +17,0 @@ (this: Processor, options?: Partial<RemarkStringifyOptions>): void |