From: creesch Date: Wed, 26 Jul 2023 17:41:57 +0000 (+0200) Subject: Allow limited set of markdown in title rendering (#1977) X-Git-Url: http://these/git/%7Bthis.captchaPngSrc%28%29%7D?a=commitdiff_plain;h=925d9624d5550f5166849407dc92d0df84389c75;p=lemmy-ui.git Allow limited set of markdown in title rendering (#1977) --- diff --git a/src/shared/markdown.ts b/src/shared/markdown.ts index 33afd71..142000d 100644 --- a/src/shared/markdown.ts +++ b/src/shared/markdown.ts @@ -23,6 +23,14 @@ export let md: MarkdownIt = new MarkdownIt(); export let mdNoImages: MarkdownIt = new MarkdownIt(); +// Zero disables all rules. +// Only explicitly allow a limited set of rules safe for use in post titles. +export const mdLimited: MarkdownIt = new MarkdownIt("zero").enable([ + "emphasis", + "backticks", + "strikethrough", +]); + export const customEmojis: EmojiMartCategory[] = []; export let customEmojisLookup: Map = new Map< @@ -43,7 +51,7 @@ export function mdToHtmlNoImages(text: string) { } export function mdToHtmlInline(text: string) { - return { __html: md.renderInline(text) }; + return { __html: mdLimited.renderInline(text) }; } const spoilerConfig = {