security: Use commonmarkjs with {safe: true} as intended.

2024-11-12 20:43:03 -05:00
parent 9b00b41a1e
commit 559504ae29
13 changed files with 19 additions and 19 deletions
--- a/apps/issues/tf-utils.js
+++ b/apps/issues/tf-utils.js
@ -61,8 +61,8 @@ function image(node, entering) {
 }

 export function markdown(md) {
-	var reader = new commonmark.Parser({safe: true});
-	var writer = new commonmark.HtmlRenderer();
+	var reader = new commonmark.Parser();
+	var writer = new commonmark.HtmlRenderer({safe: true});
 	writer.image = image;
 	var parsed = reader.parse(md || '');
 	parsed = linkify.transform(parsed);