security: Use commonmarkjs with {safe: true} as intended.

2024-11-12 20:43:03 -05:00
parent 9b00b41a1e
commit 559504ae29
13 changed files with 19 additions and 19 deletions
--- a/apps/blog/blog.js
+++ b/apps/blog/blog.js
@ -52,8 +52,8 @@ export async function get_blog_message(id) {
 }

 export function markdown(md) {
-	let reader = new commonmark.Parser({safe: true});
-	let writer = new commonmark.HtmlRenderer();
+	let reader = new commonmark.Parser();
+	let writer = new commonmark.HtmlRenderer({safe: true});
 	let parsed = reader.parse(md || '');
 	let walker = parsed.walker();
 	let event, node;