security: Use commonmarkjs with {safe: true} as intended.

2024-11-12 20:43:03 -05:00
parent 9b00b41a1e
commit 559504ae29
13 changed files with 19 additions and 19 deletions
--- a/apps/api/app.js
+++ b/apps/api/app.js
@@ -21,7 +21,7 @@ function* treeify(prefix, o) {

 function markdown(md) {
 	let parsed = new commonmark.Parser().parse(md ?? '*undocumented*');
-	return new commonmark.HtmlRenderer().render(parsed);
+	return new commonmark.HtmlRenderer({safe: true}).render(parsed);
 }

 function document(api) {