@humanspeak/svelte-markdown 1.3.0 → 1.4.1

package/dist/Parser.svelte

@@ -55,6 +55,12 @@
         Tokens,
         RendererComponent
     } from './utils/markdown-parser.js'
+    import {
+        defaultSanitizeAttributes,
+        defaultSanitizeUrl,
+        type SanitizeAttributesFn,
+        type SanitizeUrlFn
+    } from './utils/sanitize.js'
 
     // trunk-ignore(eslint/@typescript-eslint/no-explicit-any)
     type AnySnippet = (..._args: any[]) => any
@@ -68,6 +74,8 @@
         renderers: T
         snippetOverrides?: Record<string, AnySnippet>
         htmlSnippetOverrides?: Record<string, AnySnippet>
+        sanitizeUrl?: SanitizeUrlFn
+        sanitizeAttributes?: SanitizeAttributesFn
     }
 
     const {
@@ -79,10 +87,34 @@
         renderers,
         snippetOverrides = {},
         htmlSnippetOverrides = {},
+        sanitizeUrl = defaultSanitizeUrl,
+        sanitizeAttributes = defaultSanitizeAttributes,
         ...rest
     }: Props & {
         [key: string]: unknown
     } = $props()
+
+    // Sanitize rest props before they reach any renderer or snippet.
+    // This is the single enforcement point — custom renderers cannot bypass it.
+    const sanitizedRest = $derived.by(() => {
+        if ((type === 'link' || type === 'image') && typeof rest.href === 'string') {
+            const tag = type === 'link' ? 'a' : 'img'
+            const sanitized = sanitizeUrl(rest.href, { type, tag })
+            return { ...rest, href: sanitized || undefined }
+        }
+        if (type === 'html' && rest.attributes) {
+            const tag = (rest.tag as string) ?? ''
+            return {
+                ...rest,
+                attributes: sanitizeAttributes(
+                    rest.attributes as Record<string, string>,
+                    { type, tag },
+                    sanitizeUrl
+                )
+            }
+        }
+        return rest
+    })
 </script>
 
 {#if !type}
@@ -95,6 +127,8 @@
                 {renderers}
                 {snippetOverrides}
                 {htmlSnippetOverrides}
+                {sanitizeUrl}
+                {sanitizeAttributes}
             />
         {/each}
     {/if}
@@ -112,26 +146,31 @@
                     {#snippet theadContent()}
                         {#snippet headerRowContent()}
                             {#each header ?? [] as headerItem, i (i)}
-                                {@const { align: _align, ...cellRest } = rest}
+                                {@const { align: _align, ...cellRest } = sanitizedRest}
                                 {#snippet headerCellContent()}
                                     <Parser
                                         tokens={headerItem.tokens}
                                         {renderers}
                                         {snippetOverrides}
                                         {htmlSnippetOverrides}
+                                        {sanitizeUrl}
+                                        {sanitizeAttributes}
                                     />
                                 {/snippet}
                                 {#if cellSnippet}
                                     {@render cellSnippet({
                                         header: true,
-                                        align: (rest.align as string[] | undefined)?.[i] ?? null,
+                                        align:
+                                            (sanitizedRest.align as string[] | undefined)?.[i] ??
+                                            null,
                                         ...cellRest,
                                         children: headerCellContent
                                     })}
                                 {:else}
                                     <renderers.tablecell
                                         header={true}
-                                        align={(rest.align as string[] | undefined)?.[i] ?? null}
+                                        align={(sanitizedRest.align as string[] | undefined)?.[i] ??
+                                            null}
                                         {...cellRest}
                                     >
                                         {@render headerCellContent()}
@@ -140,17 +179,17 @@
                             {/each}
                         {/snippet}
                         {#if rowSnippet}
-                            {@render rowSnippet({ ...rest, children: headerRowContent })}
+                            {@render rowSnippet({ ...sanitizedRest, children: headerRowContent })}
                         {:else}
-                            <renderers.tablerow {...rest}>
+                            <renderers.tablerow {...sanitizedRest}>
                                 {@render headerRowContent()}
                             </renderers.tablerow>
                         {/if}
                     {/snippet}
                     {#if theadSnippet}
-                        {@render theadSnippet({ ...rest, children: theadContent })}
+                        {@render theadSnippet({ ...sanitizedRest, children: theadContent })}
                     {:else}
-                        <renderers.tablehead {...rest}>
+                        <renderers.tablehead {...sanitizedRest}>
                             {@render theadContent()}
                         </renderers.tablehead>
                     {/if}
@@ -160,7 +199,7 @@
                         {#each rows ?? [] as row, i (i)}
                             {#snippet bodyRowContent()}
                                 {#each row ?? [] as cells, j (j)}
-                                    {@const { align: _align, ...cellRest } = rest}
+                                    {@const { align: _align, ...cellRest } = sanitizedRest}
                                     {#snippet bodyCellContent()}
                                         {#each cells.tokens ?? [] as cellToken, index (index)}
                                             <Parser
@@ -169,6 +208,8 @@
                                                 {renderers}
                                                 {snippetOverrides}
                                                 {htmlSnippetOverrides}
+                                                {sanitizeUrl}
+                                                {sanitizeAttributes}
                                             />
                                         {/each}
                                     {/snippet}
@@ -176,7 +217,9 @@
                                         {@render cellSnippet({
                                             header: false,
                                             align:
-                                                (rest.align as string[] | undefined)?.[j] ?? null,
+                                                (sanitizedRest.align as string[] | undefined)?.[
+                                                    j
+                                                ] ?? null,
                                             ...cellRest,
                                             children: bodyCellContent
                                         })}
@@ -184,8 +227,9 @@
                                         <renderers.tablecell
                                             {...cellRest}
                                             header={false}
-                                            align={(rest.align as string[] | undefined)?.[j] ??
-                                                null}
+                                            align={(sanitizedRest.align as string[] | undefined)?.[
+                                                j
+                                            ] ?? null}
                                         >
                                             {@render bodyCellContent()}
                                         </renderers.tablecell>
@@ -193,18 +237,18 @@
                                 {/each}
                             {/snippet}
                             {#if rowSnippet}
-                                {@render rowSnippet({ ...rest, children: bodyRowContent })}
+                                {@render rowSnippet({ ...sanitizedRest, children: bodyRowContent })}
                             {:else}
-                                <renderers.tablerow {...rest}>
+                                <renderers.tablerow {...sanitizedRest}>
                                     {@render bodyRowContent()}
                                 </renderers.tablerow>
                             {/if}
                         {/each}
                     {/snippet}
                     {#if tbodySnippet}
-                        {@render tbodySnippet({ ...rest, children: tbodyContent })}
+                        {@render tbodySnippet({ ...sanitizedRest, children: tbodyContent })}
                     {:else}
-                        <renderers.tablebody {...rest}>
+                        <renderers.tablebody {...sanitizedRest}>
                             {@render tbodyContent()}
                         </renderers.tablebody>
                     {/if}
@@ -212,9 +256,9 @@
             {/snippet}
 
             {#if tableSnippet}
-                {@render tableSnippet({ ...rest, children: tableContent })}
+                {@render tableSnippet({ ...sanitizedRest, children: tableContent })}
             {:else}
-                <renderers.table {...rest}>
+                <renderers.table {...sanitizedRest}>
                     {@render tableContent()}
                 </renderers.table>
             {/if}
@@ -224,7 +268,7 @@
 
         {#if ordered}
             {#snippet orderedListContent()}
-                {@const { items: _items, ...parserRest } = rest}
+                {@const { items: _items, ...parserRest } = sanitizedRest}
                 {@const items = (_items as Props[] | undefined) ?? []}
                 {#each items as item, index (index)}
                     {@const OrderedListComponent = renderers.orderedlistitem || renderers.listitem}
@@ -237,6 +281,8 @@
                             {renderers}
                             {snippetOverrides}
                             {htmlSnippetOverrides}
+                            {sanitizeUrl}
+                            {sanitizeAttributes}
                         />
                     {/snippet}
                     {#if orderedItemSnippet}
@@ -249,15 +295,15 @@
                 {/each}
             {/snippet}
             {#if listSnippet}
-                {@render listSnippet({ ordered, ...rest, children: orderedListContent })}
+                {@render listSnippet({ ordered, ...sanitizedRest, children: orderedListContent })}
             {:else}
-                <renderers.list {ordered} {...rest}>
+                <renderers.list {ordered} {...sanitizedRest}>
                     {@render orderedListContent()}
                 </renderers.list>
             {/if}
         {:else}
             {#snippet unorderedListContent()}
-                {@const { items: _items, ...parserRest } = rest}
+                {@const { items: _items, ...parserRest } = sanitizedRest}
                 {@const items = (_items as Props[] | undefined) ?? []}
                 {#each items as item, index (index)}
                     {@const UnorderedListComponent =
@@ -271,6 +317,8 @@
                             {renderers}
                             {snippetOverrides}
                             {htmlSnippetOverrides}
+                            {sanitizeUrl}
+                            {sanitizeAttributes}
                         />
                     {/snippet}
                     {#if unorderedItemSnippet}
@@ -283,16 +331,16 @@
                 {/each}
             {/snippet}
             {#if listSnippet}
-                {@render listSnippet({ ordered, ...rest, children: unorderedListContent })}
+                {@render listSnippet({ ordered, ...sanitizedRest, children: unorderedListContent })}
             {:else}
-                <renderers.list {ordered} {...rest}>
+                <renderers.list {ordered} {...sanitizedRest}>
                     {@render unorderedListContent()}
                 </renderers.list>
             {/if}
         {/if}
     {:else if type === 'html'}
-        {@const { tag, ...localRest } = rest}
-        {@const htmlTag = rest.tag as keyof typeof Html}
+        {@const { tag, ...localRest } = sanitizedRest}
+        {@const htmlTag = sanitizedRest.tag as keyof typeof Html}
         {@const htmlSnippet = htmlSnippetOverrides[htmlTag as string]}
         {#if htmlSnippet}
             {#snippet htmlSnippetChildren()}
@@ -302,31 +350,38 @@
                         {renderers}
                         {snippetOverrides}
                         {htmlSnippetOverrides}
+                        {sanitizeUrl}
+                        {sanitizeAttributes}
                         {...Object.fromEntries(
                             Object.entries(localRest).filter(([key]) => key !== 'attributes')
                         )}
                     />
                 {:else}
-                    <renderers.rawtext text={rest.raw} {...rest} />
+                    <renderers.rawtext text={sanitizedRest.raw} {...sanitizedRest} />
                 {/if}
             {/snippet}
-            {@render htmlSnippet({ attributes: rest.attributes, children: htmlSnippetChildren })}
+            {@render htmlSnippet({
+                attributes: sanitizedRest.attributes,
+                children: htmlSnippetChildren
+            })}
         {:else if renderers.html && htmlTag in renderers.html}
             {@const HtmlComponent = renderers.html[htmlTag as keyof typeof renderers.html]}
             {#if HtmlComponent}
-                <HtmlComponent {...rest}>
+                <HtmlComponent {...sanitizedRest}>
                     {#if tokens && (tokens as Token[]).length}
                         <Parser
                             tokens={tokens as Token[]}
                             {renderers}
                             {snippetOverrides}
                             {htmlSnippetOverrides}
+                            {sanitizeUrl}
+                            {sanitizeAttributes}
                             {...Object.fromEntries(
                                 Object.entries(localRest).filter(([key]) => key !== 'attributes')
                             )}
                         />
                     {:else}
-                        <renderers.rawtext text={rest.raw} {...rest} />
+                        <renderers.rawtext text={sanitizedRest.raw} {...sanitizedRest} />
                     {/if}
                 </HtmlComponent>
             {/if}
@@ -336,6 +391,8 @@
                 {renderers}
                 {snippetOverrides}
                 {htmlSnippetOverrides}
+                {sanitizeUrl}
+                {sanitizeAttributes}
                 {...Object.fromEntries(
                     Object.entries(localRest).filter(([key]) => key !== 'tokens')
                 )}
@@ -347,23 +404,25 @@
 
         {#snippet renderChildren()}
             {#if tokens}
-                {@const { text: _text, raw: _raw, ...parserRest } = rest}
+                {@const { text: _text, raw: _raw, ...parserRest } = sanitizedRest}
                 <Parser
                     {...parserRest}
                     {tokens}
                     {renderers}
                     {snippetOverrides}
                     {htmlSnippetOverrides}
+                    {sanitizeUrl}
+                    {sanitizeAttributes}
                 />
             {:else}
-                <renderers.rawtext text={rest.raw} {...rest} />
+                <renderers.rawtext text={sanitizedRest.raw} {...sanitizedRest} />
             {/if}
         {/snippet}
 
         {#if typeSnippet}
-            {@render typeSnippet({ ...rest, children: renderChildren })}
+            {@render typeSnippet({ ...sanitizedRest, children: renderChildren })}
         {:else if GeneralComponent}
-            <GeneralComponent {...rest}>
+            <GeneralComponent {...sanitizedRest}>
                 {@render renderChildren()}
             </GeneralComponent>
         {/if}

package/dist/Parser.svelte.d.ts

@@ -46,6 +46,7 @@
      */
 import Parser from './Parser.svelte';
 import type { Renderers, Token, TokensList, Tokens } from './utils/markdown-parser.js';
+import { type SanitizeAttributesFn, type SanitizeUrlFn } from './utils/sanitize.js';
 type AnySnippet = (..._args: any[]) => any;
 interface Props<T extends Renderers = Renderers> {
     type?: string;
@@ -56,6 +57,8 @@ interface Props<T extends Renderers = Renderers> {
     renderers: T;
     snippetOverrides?: Record<string, AnySnippet>;
     htmlSnippetOverrides?: Record<string, AnySnippet>;
+    sanitizeUrl?: SanitizeUrlFn;
+    sanitizeAttributes?: SanitizeAttributesFn;
 }
 type $$ComponentProps = Props & {
     [key: string]: unknown;

package/dist/SvelteMarkdown.svelte

@@ -65,6 +65,7 @@
     } from './utils/markdown-parser.js'
     import { parseAndCacheTokens, parseAndCacheTokensAsync } from './utils/parse-and-cache.js'
     import { rendererKeysInternal } from './utils/rendererKeys.js'
+    import { defaultSanitizeAttributes, defaultSanitizeUrl } from './utils/sanitize.js'
     import { Marked } from 'marked'
 
     // trunk-ignore(eslint/@typescript-eslint/no-explicit-any)
@@ -85,6 +86,8 @@
         isInline = false,
         parsed = () => {},
         extensions = [],
+        sanitizeUrl = defaultSanitizeUrl,
+        sanitizeAttributes = defaultSanitizeAttributes,
         ...rest
     }: SvelteMarkdownProps & {
         [key: string]: unknown
@@ -496,4 +499,6 @@
     renderers={combinedRenderers}
     {snippetOverrides}
     {htmlSnippetOverrides}
+    {sanitizeUrl}
+    {sanitizeAttributes}
 />

package/dist/index.d.ts

@@ -19,6 +19,7 @@ import { type HtmlRenderers } from './renderers/html/index.js';
 import SvelteMarkdown from './SvelteMarkdown.svelte';
 import type { BlockquoteSnippetProps, BrSnippetProps, CodeSnippetProps, CodespanSnippetProps, DelSnippetProps, EmSnippetProps, EscapeSnippetProps, HeadingSnippetProps, HrSnippetProps, HtmlSnippetOverrides, HtmlSnippetProps, ImageSnippetProps, LinkSnippetProps, ListItemSnippetProps, ListSnippetProps, ParagraphSnippetProps, RawTextSnippetProps, SnippetOverrides, StreamingChunk, StreamingOffsetChunk, StrongSnippetProps, SvelteMarkdownOptions, SvelteMarkdownProps, TableBodySnippetProps, TableCellSnippetProps, TableHeadSnippetProps, TableRowSnippetProps, TableSnippetProps, TextSnippetProps } from './types.js';
 import { defaultRenderers, type RendererComponent, type Renderers, type Token, type TokensList } from './utils/markdown-parser.js';
+import type { SanitizeAttributesFn, SanitizeContext, SanitizeUrlFn } from './utils/sanitize.js';
 /** The primary markdown rendering component. */
 export default SvelteMarkdown;
 /** Default HTML tag-to-component map and the unsupported-tag placeholder. */
@@ -59,8 +60,17 @@ export { htmlRendererKeysInternal as htmlRendererKeys, rendererKeysInternal as r
  */
 export { MemoryCache } from './utils/cache.js';
 export { IncrementalParser, type IncrementalUpdateResult } from './utils/incremental-parser.js';
+/**
+ * URL sanitization utilities for XSS prevention.
+ *
+ * - `defaultSanitizeUrl`        — protocol allowlist (http, https, mailto, tel, relative)
+ * - `defaultSanitizeAttributes` — strips event handlers and sanitizes URL attributes
+ * - `unsanitizedUrl`            — passthrough (allows all URLs)
+ * - `unsanitizedAttributes`     — passthrough (allows all attributes)
+ */
+export { defaultSanitizeAttributes, defaultSanitizeUrl, unsanitizedAttributes, unsanitizedUrl } from './utils/sanitize.js';
 export { TokenCache, tokenCache } from './utils/token-cache.js';
 /** Re-exported `MarkedExtension` type for the `extensions` prop. */
 export type { MarkedExtension } from 'marked';
 /** Re-exported types for consumer convenience. */
-export type { BlockquoteSnippetProps, BrSnippetProps, CodeSnippetProps, CodespanSnippetProps, DelSnippetProps, EmSnippetProps, EscapeSnippetProps, HeadingSnippetProps, HrSnippetProps, HtmlRenderers, HtmlSnippetOverrides, HtmlSnippetProps, ImageSnippetProps, LinkSnippetProps, ListItemSnippetProps, ListSnippetProps, ParagraphSnippetProps, RawTextSnippetProps, RendererComponent, Renderers, SnippetOverrides, StreamingChunk, StreamingOffsetChunk, StrongSnippetProps, SvelteMarkdownOptions, SvelteMarkdownProps, TableBodySnippetProps, TableCellSnippetProps, TableHeadSnippetProps, TableRowSnippetProps, TableSnippetProps, TextSnippetProps, Token, TokensList };
+export type { BlockquoteSnippetProps, BrSnippetProps, CodeSnippetProps, CodespanSnippetProps, DelSnippetProps, EmSnippetProps, EscapeSnippetProps, HeadingSnippetProps, HrSnippetProps, HtmlRenderers, HtmlSnippetOverrides, HtmlSnippetProps, ImageSnippetProps, LinkSnippetProps, ListItemSnippetProps, ListSnippetProps, ParagraphSnippetProps, RawTextSnippetProps, RendererComponent, Renderers, SanitizeAttributesFn, SanitizeContext, SanitizeUrlFn, SnippetOverrides, StreamingChunk, StreamingOffsetChunk, StrongSnippetProps, SvelteMarkdownOptions, SvelteMarkdownProps, TableBodySnippetProps, TableCellSnippetProps, TableHeadSnippetProps, TableRowSnippetProps, TableSnippetProps, TextSnippetProps, Token, TokensList };

package/dist/index.js

@@ -58,4 +58,13 @@ export { htmlRendererKeysInternal as htmlRendererKeys, rendererKeysInternal as r
  */
 export { MemoryCache } from './utils/cache.js';
 export { IncrementalParser } from './utils/incremental-parser.js';
+/**
+ * URL sanitization utilities for XSS prevention.
+ *
+ * - `defaultSanitizeUrl`        — protocol allowlist (http, https, mailto, tel, relative)
+ * - `defaultSanitizeAttributes` — strips event handlers and sanitizes URL attributes
+ * - `unsanitizedUrl`            — passthrough (allows all URLs)
+ * - `unsanitizedAttributes`     — passthrough (allows all attributes)
+ */
+export { defaultSanitizeAttributes, defaultSanitizeUrl, unsanitizedAttributes, unsanitizedUrl } from './utils/sanitize.js';
 export { TokenCache, tokenCache } from './utils/token-cache.js';

package/dist/renderers/Image.svelte

@@ -24,7 +24,13 @@ is displayed with reduced opacity and a grayscale filter.
         fadeIn?: boolean // Enable fade-in effect (default: true)
     }
 
-    const { href = '', title = undefined, text = '', lazy = true, fadeIn = true }: Props = $props()
+    const {
+        href = undefined,
+        title = undefined,
+        text = '',
+        lazy = true,
+        fadeIn = true
+    }: Props = $props()
 
     let img: HTMLImageElement
     let loaded = $state(false)

package/dist/renderers/Link.svelte

@@ -14,7 +14,7 @@ Renders a markdown link (`[text](url "title")`) as an `<a>` element.
         title?: string
         children?: Snippet
     }
-    const { href = '', title = undefined, children }: Props = $props()
+    const { href = undefined, title = undefined, children }: Props = $props()
 </script>
 
 <a {href} {title}>{@render children?.()}</a>

package/dist/types.d.ts

@@ -21,7 +21,10 @@ import type { MarkedExtension, Token, TokensList } from 'marked';
 import type { Snippet } from 'svelte';
 import type { MarkedOptions, Renderers } from './utils/markdown-parser.js';
 import type { HtmlKey } from './utils/rendererKeys.js';
+import type { SanitizeAttributesFn, SanitizeUrlFn } from './utils/sanitize.js';
 export interface ParagraphSnippetProps {
+    raw?: string;
+    text?: string;
     children?: Snippet;
 }
 export interface HeadingSnippetProps {
@@ -35,29 +38,41 @@ export interface HeadingSnippetProps {
 export interface LinkSnippetProps {
     href?: string;
     title?: string;
+    raw?: string;
+    text?: string;
     children?: Snippet;
 }
 export interface ImageSnippetProps {
     href?: string;
     title?: string;
     text?: string;
+    raw?: string;
 }
 export interface CodeSnippetProps {
     lang: string;
     text: string;
+    codeBlockStyle?: 'indented';
 }
 export interface CodespanSnippetProps {
     raw: string;
+    text?: string;
 }
 export interface BlockquoteSnippetProps {
+    raw?: string;
+    text?: string;
     children?: Snippet;
 }
 export interface ListSnippetProps {
     ordered?: boolean;
     start?: number;
+    loose?: boolean;
     children?: Snippet;
 }
 export interface ListItemSnippetProps {
+    text?: string;
+    task?: boolean;
+    checked?: boolean;
+    loose?: boolean;
     children?: Snippet;
     listItemIndex?: number;
 }
@@ -79,17 +94,25 @@ export interface TableCellSnippetProps {
     children?: Snippet;
 }
 export interface EmSnippetProps {
+    raw?: string;
+    text?: string;
     children?: Snippet;
 }
 export interface StrongSnippetProps {
+    raw?: string;
+    text?: string;
     children?: Snippet;
 }
 export interface DelSnippetProps {
+    raw?: string;
+    text?: string;
     children?: Snippet;
 }
 export type HrSnippetProps = Record<string, never>;
 export type BrSnippetProps = Record<string, never>;
 export interface TextSnippetProps {
+    raw?: string;
+    text?: string;
     children?: Snippet;
 }
 export interface RawTextSnippetProps {
@@ -97,6 +120,7 @@ export interface RawTextSnippetProps {
 }
 export interface EscapeSnippetProps {
     text: string;
+    raw?: string;
 }
 export type SnippetOverrides = {
     paragraph?: Snippet<[ParagraphSnippetProps]>;
@@ -127,10 +151,10 @@ export type SnippetOverrides = {
 /**
  * Props passed to HTML snippet overrides.
  *
- * **Security note:** `attributes` are spread directly onto the rendered HTML element.
- * This includes any attribute from the source markdown, such as `onclick` or `onerror`.
- * If rendering untrusted markdown, use `allowHtmlOnly`/`excludeHtmlOnly` to restrict
- * allowed tags, or integrate your own sanitizer to strip dangerous attributes.
+ * **Security note:** By default, `attributes` are sanitized in the Parser before
+ * reaching any renderer or snippet — event handlers (`on*`) are stripped and
+ * URL attributes are validated against a protocol allowlist. To customize this
+ * behavior, pass a `sanitizeUrl` prop to `SvelteMarkdown`.
  */
 export interface HtmlSnippetProps {
     attributes?: Record<string, string | number | boolean | undefined>;
@@ -218,6 +242,30 @@ export type SvelteMarkdownProps<T extends Renderers = Renderers> = {
      * @param tokens - The parsed token array or `TokensList`.
      */
     parsed?: (tokens: Token[] | TokensList) => void;
+    /**
+     * Custom URL sanitizer applied in the Parser before tokens reach any
+     * renderer component or snippet. Receives a URL string and must return
+     * a sanitized URL (or `''` to strip it).
+     *
+     * The default allowlists `http:`, `https:`, `mailto:`, `tel:`, and
+     * relative URLs. Override to implement a custom policy.
+     *
+     * @defaultValue {@link defaultSanitizeUrl}
+     */
+    sanitizeUrl?: SanitizeUrlFn;
+    /**
+     * Custom HTML attribute sanitizer applied in the Parser before tokens
+     * reach any renderer component or snippet. Receives the attribute map,
+     * a {@link SanitizeContext} with token type and HTML tag name, and the
+     * active `sanitizeUrl` function.
+     *
+     * The default strips all `on*` event handlers and runs URL-bearing
+     * attributes (`href`, `src`, `action`, etc.) through `sanitizeUrl`.
+     * Override to add custom attribute rules per tag.
+     *
+     * @defaultValue {@link defaultSanitizeAttributes}
+     */
+    sanitizeAttributes?: SanitizeAttributesFn;
 } & Partial<SnippetOverrides> & Partial<HtmlSnippetOverrides>;
 export interface SvelteMarkdownOptions extends MarkedOptions {
     /**

package/dist/utils/sanitize.d.ts

@@ -0,0 +1,69 @@
+/**
+ * URL and HTML attribute sanitization utilities for XSS prevention.
+ *
+ * These functions are applied in the Parser before tokens reach any
+ * renderer component or snippet, ensuring custom renderers cannot
+ * bypass sanitization.
+ *
+ * @see https://github.com/humanspeak/svelte-markdown/issues/272
+ * @packageDocumentation
+ */
+/**
+ * Context passed to sanitization functions so users can apply
+ * different rules per markdown token type or HTML tag.
+ *
+ * - For markdown links: `{ type: 'link', tag: 'a' }`
+ * - For markdown images: `{ type: 'image', tag: 'img' }`
+ * - For HTML tags: `{ type: 'html', tag: 'a' | 'img' | 'div' | ... }`
+ */
+export interface SanitizeContext {
+    /** The markdown token type. */
+    type: 'link' | 'image' | 'html';
+    /** The HTML tag name being rendered (e.g. `'a'`, `'img'`, `'div'`). */
+    tag: string;
+}
+export type SanitizeUrlFn = (_url: string, _context: SanitizeContext) => string;
+export type SanitizeAttributesFn = (_attributes: Record<string, string>, _context: SanitizeContext, _sanitizeUrl: SanitizeUrlFn) => Record<string, string>;
+/**
+ * Sanitizes a URL against a protocol allowlist.
+ *
+ * Allows `http:`, `https:`, `mailto:`, `tel:`, and relative URLs
+ * (starting with `/`, `#`, `?`, or no protocol). Blocks everything
+ * else including `javascript:`, `data:`, `vbscript:`, etc.
+ *
+ * Handles mixed-case protocols and leading whitespace.
+ *
+ * The `context` parameter provides the token type and HTML tag name,
+ * enabling per-element policies in custom overrides.
+ */
+export declare const defaultSanitizeUrl: (url: string, _context: SanitizeContext) => string;
+/**
+ * Passthrough URL sanitizer that allows all URLs unchanged.
+ *
+ * Use this to disable URL sanitization entirely:
+ * ```svelte
+ * <SvelteMarkdown source={markdown} sanitizeUrl={unsanitizedUrl} />
+ * ```
+ */
+export declare const unsanitizedUrl: SanitizeUrlFn;
+/**
+ * Passthrough attribute sanitizer that allows all attributes unchanged.
+ *
+ * Use this to disable attribute sanitization entirely:
+ * ```svelte
+ * <SvelteMarkdown source={markdown} sanitizeAttributes={unsanitizedAttributes} />
+ * ```
+ */
+export declare const unsanitizedAttributes: SanitizeAttributesFn;
+/**
+ * Sanitizes an HTML attribute object by:
+ * 1. Removing all event handler attributes (`on*`)
+ * 2. Running URL-bearing attributes through the sanitizer
+ *
+ * The `context` parameter provides the HTML tag name, enabling
+ * per-element policies in custom overrides (e.g. stricter rules
+ * for `<iframe>` than `<a>`).
+ *
+ * Returns a new object; does not mutate the input.
+ */
+export declare const defaultSanitizeAttributes: SanitizeAttributesFn;

package/dist/utils/sanitize.js

@@ -0,0 +1,104 @@
+/**
+ * URL and HTML attribute sanitization utilities for XSS prevention.
+ *
+ * These functions are applied in the Parser before tokens reach any
+ * renderer component or snippet, ensuring custom renderers cannot
+ * bypass sanitization.
+ *
+ * @see https://github.com/humanspeak/svelte-markdown/issues/272
+ * @packageDocumentation
+ */
+/** Protocols considered safe for href/src attributes. */
+const SAFE_PROTOCOLS = new Set(['http:', 'https:', 'mailto:', 'tel:']);
+/**
+ * URL attributes in HTML that should be run through the sanitizer.
+ * Covers standard attributes that can trigger navigation or resource loading.
+ */
+const URL_ATTRIBUTES = new Set(['href', 'src', 'action', 'formaction', 'cite', 'data', 'poster']);
+/** Fast-path: most URLs are http/https — avoid `new URL()` for these. */
+const SAFE_PREFIX_RE = /^https?:/i;
+const LEADING_WS_RE = /^\s+/;
+const RELATIVE_RE = /^[#/?.]/;
+/**
+ * Sanitizes a URL against a protocol allowlist.
+ *
+ * Allows `http:`, `https:`, `mailto:`, `tel:`, and relative URLs
+ * (starting with `/`, `#`, `?`, or no protocol). Blocks everything
+ * else including `javascript:`, `data:`, `vbscript:`, etc.
+ *
+ * Handles mixed-case protocols and leading whitespace.
+ *
+ * The `context` parameter provides the token type and HTML tag name,
+ * enabling per-element policies in custom overrides.
+ */
+export const defaultSanitizeUrl = (url, _context) => {
+    if (!url)
+        return '';
+    const trimmed = url.replace(LEADING_WS_RE, '');
+    // Relative URLs are safe: #anchor, /path, ?query, ./relative, ../parent
+    if (RELATIVE_RE.test(trimmed))
+        return trimmed;
+    // No colon means no protocol — safe relative URL
+    if (!trimmed.includes(':'))
+        return trimmed;
+    // Fast-path for http/https — avoids new URL() allocation
+    if (SAFE_PREFIX_RE.test(trimmed))
+        return trimmed;
+    try {
+        const parsed = new URL(trimmed, 'http://localhost');
+        if (SAFE_PROTOCOLS.has(parsed.protocol))
+            return trimmed;
+    }
+    catch {
+        // Malformed URL — block it
+    }
+    return '';
+};
+/**
+ * Passthrough URL sanitizer that allows all URLs unchanged.
+ *
+ * Use this to disable URL sanitization entirely:
+ * ```svelte
+ * <SvelteMarkdown source={markdown} sanitizeUrl={unsanitizedUrl} />
+ * ```
+ */
+export const unsanitizedUrl = (url) => url;
+/**
+ * Passthrough attribute sanitizer that allows all attributes unchanged.
+ *
+ * Use this to disable attribute sanitization entirely:
+ * ```svelte
+ * <SvelteMarkdown source={markdown} sanitizeAttributes={unsanitizedAttributes} />
+ * ```
+ */
+export const unsanitizedAttributes = (attributes) => attributes;
+/**
+ * Sanitizes an HTML attribute object by:
+ * 1. Removing all event handler attributes (`on*`)
+ * 2. Running URL-bearing attributes through the sanitizer
+ *
+ * The `context` parameter provides the HTML tag name, enabling
+ * per-element policies in custom overrides (e.g. stricter rules
+ * for `<iframe>` than `<a>`).
+ *
+ * Returns a new object; does not mutate the input.
+ */
+export const defaultSanitizeAttributes = (attributes, context, sanitizeUrl) => {
+    const result = {};
+    for (const [key, value] of Object.entries(attributes)) {
+        const lower = key.toLowerCase();
+        // Strip event handlers (onclick, onerror, onload, etc.)
+        // Strip srcdoc — allows arbitrary HTML/script execution in iframes
+        if (lower.startsWith('on') || lower === 'srcdoc')
+            continue;
+        // Sanitize URL-bearing attributes
+        if (URL_ATTRIBUTES.has(lower)) {
+            const sanitized = sanitizeUrl(value, context);
+            if (sanitized)
+                result[key] = sanitized;
+            continue;
+        }
+        result[key] = value;
+    }
+    return result;
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@humanspeak/svelte-markdown",
-  "version": "1.3.0",
+  "version": "1.4.1",
   "description": "Fast, customizable markdown renderer for Svelte with built-in caching, TypeScript support, and Svelte 5 runes",
   "keywords": [
     "svelte",
@@ -70,48 +70,48 @@
     "@humanspeak/memory-cache": "^1.0.6",
     "github-slugger": "^2.0.0",
     "htmlparser2": "^12.0.0",
-    "marked": "^17.0.5"
+    "marked": "^18.0.0"
   },
   "devDependencies": {
-    "@eslint/compat": "^2.0.3",
+    "@eslint/compat": "^2.0.5",
     "@eslint/js": "^10.0.1",
-    "@playwright/cli": "^0.1.2",
-    "@playwright/test": "^1.58.2",
+    "@playwright/cli": "^0.1.6",
+    "@playwright/test": "^1.59.1",
     "@sveltejs/adapter-auto": "^7.0.1",
-    "@sveltejs/kit": "^2.55.0",
+    "@sveltejs/kit": "^2.57.1",
     "@sveltejs/package": "^2.5.7",
     "@sveltejs/vite-plugin-svelte": "^7.0.0",
     "@testing-library/jest-dom": "^6.9.1",
     "@testing-library/svelte": "^5.3.1",
     "@testing-library/user-event": "^14.6.1",
     "@types/katex": "^0.16.8",
-    "@types/node": "^25.5.0",
-    "@typescript-eslint/eslint-plugin": "^8.58.0",
-    "@typescript-eslint/parser": "^8.58.0",
-    "@vitest/coverage-v8": "^4.1.2",
-    "eslint": "^10.1.0",
+    "@types/node": "^25.5.2",
+    "@typescript-eslint/eslint-plugin": "^8.58.1",
+    "@typescript-eslint/parser": "^8.58.1",
+    "@vitest/coverage-v8": "^4.1.4",
+    "eslint": "^10.2.0",
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-svelte": "^3.16.0",
+    "eslint-plugin-svelte": "^3.17.0",
     "eslint-plugin-unused-imports": "^4.4.1",
     "globals": "^17.4.0",
     "husky": "^9.1.7",
-    "jsdom": "^29.0.1",
-    "katex": "^0.16.44",
-    "marked-katex-extension": "^5.1.7",
-    "mermaid": "^11.13.0",
+    "jsdom": "^29.0.2",
+    "katex": "^0.16.45",
+    "marked-katex-extension": "^5.1.8",
+    "mermaid": "^11.14.0",
     "mprocs": "^0.9.2",
     "prettier": "^3.8.1",
     "prettier-plugin-organize-imports": "^4.3.0",
     "prettier-plugin-svelte": "^3.5.1",
     "prettier-plugin-tailwindcss": "^0.7.2",
     "publint": "^0.3.18",
-    "svelte": "^5.55.1",
+    "svelte": "^5.55.2",
     "svelte-check": "^4.4.6",
     "typescript": "^6.0.2",
-    "typescript-eslint": "^8.58.0",
-    "vite": "^8.0.3",
-    "vitest": "^4.1.2"
+    "typescript-eslint": "^8.58.1",
+    "vite": "^8.0.8",
+    "vitest": "^4.1.4"
   },
   "peerDependencies": {
     "mermaid": ">=10.0.0",