@readme/markdown 6.43.0 → 6.43.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/components/HTMLBlock/index.jsx +8 -1
  2. package/dist/main.js +9 -1
  3. package/dist/main.node.js +9 -1
  4. package/package.json +1 -1
package/components/HTMLBlock/index.jsx CHANGED
@@ -15,6 +15,13 @@ const extractScripts = (html = '') => {
15
15
  return [cleaned, () => scripts.map(js => window.eval(js))];
16
16
  };
17
17
 
18
+ /**
19
+ * @hack: https://stackoverflow.com/a/30930653/659661
20
+ */
21
+ const escapeHTML = html => {
22
+ return document.createElement('div').appendChild(document.createTextNode(html)).parentNode.innerHTML;
23
+ };
24
+
18
25
  class HTMLBlock extends React.Component {
19
26
  constructor(props) {
20
27
  super(props);
@@ -32,7 +39,7 @@ class HTMLBlock extends React.Component {
32
39
  if (safeMode) {
33
40
  return (
34
41
  <pre className="html-unsafe">
35
- <code>{html}</code>
42
+ <code>{escapeHTML(html)}</code>
36
43
  </pre>
37
44
  );
38
45
  }
package/dist/main.js CHANGED
@@ -9731,6 +9731,14 @@ var extractScripts = function extractScripts() {
9731
9731
  });
9732
9732
  }];
9733
9733
  };
9734
+ /**
9735
+ * @hack: https://stackoverflow.com/a/30930653/659661
9736
+ */
9737
+
9738
+
9739
+ var escapeHTML = function escapeHTML(html) {
9740
+ return document.createElement('div').appendChild(document.createTextNode(html)).parentNode.innerHTML;
9741
+ };
9734
9742
 
9735
9743
  var HTMLBlock = /*#__PURE__*/function (_React$Component) {
9736
9744
  "use strict";
@@ -9771,7 +9779,7 @@ var HTMLBlock = /*#__PURE__*/function (_React$Component) {
9771
9779
  if (safeMode) {
9772
9780
  return /*#__PURE__*/React.createElement("pre", {
9773
9781
  className: "html-unsafe"
9774
- }, /*#__PURE__*/React.createElement("code", null, html));
9782
+ }, /*#__PURE__*/React.createElement("code", null, escapeHTML(html)));
9775
9783
  }
9776
9784
 
9777
9785
  return /*#__PURE__*/React.createElement("div", {
package/dist/main.node.js CHANGED
@@ -9731,6 +9731,14 @@ var extractScripts = function extractScripts() {
9731
9731
  });
9732
9732
  }];
9733
9733
  };
9734
+ /**
9735
+ * @hack: https://stackoverflow.com/a/30930653/659661
9736
+ */
9737
+
9738
+
9739
+ var escapeHTML = function escapeHTML(html) {
9740
+ return document.createElement('div').appendChild(document.createTextNode(html)).parentNode.innerHTML;
9741
+ };
9734
9742
 
9735
9743
  var HTMLBlock = /*#__PURE__*/function (_React$Component) {
9736
9744
  "use strict";
@@ -9771,7 +9779,7 @@ var HTMLBlock = /*#__PURE__*/function (_React$Component) {
9771
9779
  if (safeMode) {
9772
9780
  return /*#__PURE__*/React.createElement("pre", {
9773
9781
  className: "html-unsafe"
9774
- }, /*#__PURE__*/React.createElement("code", null, html));
9782
+ }, /*#__PURE__*/React.createElement("code", null, escapeHTML(html)));
9775
9783
  }
9776
9784
 
9777
9785
  return /*#__PURE__*/React.createElement("div", {
package/package.json CHANGED
@@ -2,7 +2,7 @@
2
2
  "name": "@readme/markdown",
3
3
  "description": "ReadMe's React-based Markdown parser",
4
4
  "author": "Rafe Goldberg <rafe@readme.io>",
5
- "version": "6.43.0",
5
+ "version": "6.43.1",
6
6
  "main": "dist/main.node.js",
7
7
  "browser": "dist/main.js",
8
8
  "files": [