security: Use commonmarkjs with {safe: true} as intended.

2024-11-12 20:43:03 -05:00
parent 9b00b41a1e
commit 559504ae29
13 changed files with 19 additions and 19 deletions
--- a/apps/ssb/tf-utils.js
+++ b/apps/ssb/tf-utils.js
@ -81,8 +81,8 @@ function attrs(node) {
 }

 export function markdown(md) {
-	let reader = new commonmark.Parser({safe: true});
-	let writer = new commonmark.HtmlRenderer();
+	let reader = new commonmark.Parser();
+	let writer = new commonmark.HtmlRenderer({safe: true});
 	writer.image = image;
 	writer.code = code;
 	writer.attrs = attrs;