Robert Knight authored
In preparation for the move away from AngularJS, replace angular-sanitize with the DOMPurify library, which is a modern and widely used HTML sanitization library with no framework dependency.

The sanitization logic is now encapsulated fully within the `render-markdown` module which no longer takes a sanitization function as an argument. That argument used to be necessary because the angular-sanitize function had to be obtained via Angular's dependency injection. DOMPurify can just be required as a module inside render-markdown.js.

One improvement that is possible with DOMPurify but not done here is to generate sanitized DOM nodes directly instead of having showdown generate HTML, which is then parsed to DOM and sanitized, then converted back to HTML and finally converted back to DOM by Angular.

Fixes #975
05db13ea