Comparing version 11.0.0 to 11.0.1
{ | ||
"name": "remark", | ||
"version": "11.0.0", | ||
"version": "11.0.1", | ||
"description": "Markdown processor powered by plugins", | ||
@@ -5,0 +5,0 @@ "license": "MIT", |
@@ -152,2 +152,12 @@ # remark | ||
## Security | ||
As Markdown is sometimes used for HTML, and improper use of HTML can open you up | ||
to a [cross-site scripting (XSS)][xss] attack, use of remark can also be unsafe. | ||
When going to HTML, use remark in combination with the [**rehype**][rehype] | ||
ecosystem, and use [`rehype-sanitize`][sanitize] to make the tree safe. | ||
Use of remark plugins could also open you up to other attacks. | ||
Carefully assess each plugin and the risks involved in using them. | ||
## Contribute | ||
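Review bot: The new Security section says "use of remark can also be unsafe" and recommends `rehype-sanitize`, but it does not say where in the pipeline sanitizing has to happen. Suggest stating that the sanitize step belongs after every plugin that can add or change nodes, since anything that runs after it can put unsafe content back into the tree. The closing sentence, "Use of remark plugins could also open you up to other attacks", names no kind of attack. One concrete example there would give readers something to check a plugin against.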
@@ -234,1 +244,7 @@ | ||
[announcement]: https://medium.com/unifiedjs/collectively-evolving-through-crowdsourcing-22c359ea95cc | ||
[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting | ||
[rehype]: https://github.com/rehypejs/rehype | ||
[sanitize]: https://github.com/rehypejs/rehype-sanitize |
@@ -7,9 +7,11 @@ // TypeScript Version: 3.0 | ||
type RemarkOptions = remarkParse.RemarkParseOptions & | ||
remarkStringify.RemarkStringifyOptions | ||
declare namespace remark { | ||
type RemarkOptions = remarkParse.RemarkParseOptions & | ||
remarkStringify.RemarkStringifyOptions | ||
} | ||
declare function remark< | ||
P extends Partial<RemarkOptions> = Partial<RemarkOptions> | ||
P extends Partial<remark.RemarkOptions> = Partial<remark.RemarkOptions> | ||
>(): unified.Processor<P> | ||
export = remark |
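Review bot: Missing documentation on the new `declare namespace remark` block: `RemarkOptions` moves from a top-level alias into the namespace and the generic constraint now reads `Partial<remark.RemarkOptions>`, but nothing in the hunk tells consumers that the type is meant to be referenced as `remark.RemarkOptions`. Suggest a short comment above the namespace saying so. This diff also shows no typings test that references `remark.RemarkOptions`, so adding one would keep the new name from regressing.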
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package