Best way to have an allow/block list of HTML elements/attributes? #347

Closed
opened 2026-01-29 14:34:23 +00:00 by claunia · 2 comments
Owner

Originally created by @Duncanma on GitHub (Feb 27, 2020).

Not really suggesting this as a base feature (although that would be great), more considering writing it as an extension myself and curious if someone on the project would have guidance on the best way to go about it (what part of the pipeline to engage with, etc). We are using markdig as the markdown parser behind https://docs.microsoft.com and would like to consider sanitizing our input more robustly. Thanks!

claunia added the wontfix label 2026-01-29 14:34:23 +00:00
Author
Owner

@mlaily commented on GitHub (Apr 27, 2020):

Not sure if useful, but I'm using https://github.com/mganss/HtmlSanitizer to do a second pass after Markdown.ToHtml(markdown, _markdownPipeline).

It's pretty flexible with its configuration.

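The two-pass approach described in the comment above, as an added example (this is not Markdig's or HtmlSanitizer's own code, and not the commenter's): Markdig renders the Markdown, then HtmlSanitizer enforces an explicit allow list of elements, attributes and URL schemes on the resulting HTML. It assumes the `Markdig` and `HtmlSanitizer` NuGet packages, the `Ganss.Xss` namespace of recent HtmlSanitizer releases (older releases used `Ganss.XSS`), and a constructed sample input; the particular allow list is a placeholder chosen for documentation-style content.

```csharp
// Added example, not part of Markdig or HtmlSanitizer.
// Assumes NuGet packages Markdig and HtmlSanitizer (namespace Ganss.Xss in
// recent releases; Ganss.XSS in older ones).
using System;
using Ganss.Xss;
using Markdig;

public static class SafeMarkdown
{
    // Build the pipeline once; it is immutable after Build() and safe to share.
    private static readonly MarkdownPipeline Pipeline =
        new MarkdownPipelineBuilder().UseAdvancedExtensions().Build();

    private static readonly HtmlSanitizer Sanitizer = BuildSanitizer();

    private static HtmlSanitizer BuildSanitizer()
    {
        var s = new HtmlSanitizer();

        // Start from empty allow lists rather than trimming the library defaults,
        // so anything not named here (script, iframe, form, style, ...) is dropped.
        s.AllowedTags.Clear();
        foreach (var tag in new[]
        {
            "p", "a", "em", "strong", "code", "pre", "ul", "ol", "li",
            "h1", "h2", "h3", "blockquote", "img",
            "table", "thead", "tbody", "tr", "th", "td"
        })
            s.AllowedTags.Add(tag);

        // Attributes: no event handlers (onclick etc.) and no inline style.
        // "id" is kept so heading anchors generated by the pipeline survive.
        s.AllowedAttributes.Clear();
        foreach (var attr in new[] { "href", "title", "src", "alt", "class", "id" })
            s.AllowedAttributes.Add(attr);

        // URL schemes permitted in href/src; javascript: and data: are not listed.
        s.AllowedSchemes.Clear();
        s.AllowedSchemes.Add("http");
        s.AllowedSchemes.Add("https");
        s.AllowedSchemes.Add("mailto");

        // No inline CSS is needed for this content; allow no CSS properties.
        s.AllowedCssProperties.Clear();
        return s;
    }

    public static string Render(string markdown)
    {
        // First pass: Markdown -> HTML. Raw HTML in the input, and HTML emitted
        // by any extension, passes through here untouched.
        string html = Markdown.ToHtml(markdown, Pipeline);

        // Second pass: apply the allow list to the complete HTML fragment, so it
        // covers extension output as well as raw HTML the author typed.
        return Sanitizer.Sanitize(html);
    }

    public static void Main()
    {
        // Constructed sample input: ordinary Markdown mixed with raw HTML that the
        // allow list is meant to reject.
        const string input =
            "# Title\n\n" +
            "Some *text* with a [link](https://example.org).\n\n" +
            "<script>alert(1)</script>\n" +
            "<a href=\"javascript:alert(1)\" onclick=\"x()\">click</a>\n";

        Console.WriteLine(Render(input));
    }
}
```

Elements outside the allow list are removed together with their content (HtmlSanitizer's default when `KeepChildNodes` is false), attributes outside the list are dropped, and `href`/`src` values whose scheme is not in `AllowedSchemes` are stripped from otherwise-permitted anchors and images. Because the sanitizer runs on the final HTML string, it also covers markup produced by Markdig extensions, which is the reason the maintainers give below for keeping sanitization outside the parser.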
Author
Owner

@xoofx commented on GitHub (Oct 10, 2025):

As it is coming back again, closing this issue as won't fix. The rationale is that Markdig should not be a place for sanitizing an HTML document. Any extension could also output custom HTML that should be sanitized as well. For such a scenario, there are more specialized tools like https://github.com/mganss/HtmlSanitizer as mentioned by @mlaily.


Reference: starred/markdig#347