ironmark 1.4.0 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +25 -1
- package/package.json +1 -1
- package/wasm/index.d.ts +2 -0
- package/wasm/node.js +1 -1
- package/wasm/pkg/ironmark.d.ts +2 -2
- package/wasm/pkg/ironmark_bg.js +6 -4
- package/wasm/pkg/ironmark_bg.wasm +0 -0
- package/wasm/pkg/ironmark_bg.wasm.d.ts +2 -2
- package/wasm/shared.js +1 -0
package/README.md
CHANGED
|
@@ -6,7 +6,9 @@ Fast Markdown to HTML/AST parser written in Rust with **zero third-party** parsi
|
|
|
6
6
|
|
|
7
7
|
## Options
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
### Extensions
|
|
10
|
+
|
|
11
|
+
All extension options default to `true`.
|
|
10
12
|
|
|
11
13
|
| Option | JS (`camelCase`) | Rust (`snake_case`) | Description |
|
|
12
14
|
| ------------- | --------------------- | ---------------------- | ------------------------------ |
|
|
@@ -18,6 +20,18 @@ All options default to `true`.
|
|
|
18
20
|
| Autolink | `enableAutolink` | `enable_autolink` | Bare URLs & emails → `<a>` |
|
|
19
21
|
| Task lists | `enableTaskLists` | `enable_task_lists` | `- [ ]` / `- [x]` checkboxes |
|
|
20
22
|
|
|
23
|
+
### Security
|
|
24
|
+
|
|
25
|
+
| Option | JS (`camelCase`) | Rust (`snake_case`) | Default | Description |
|
|
26
|
+
| ---------------- | ---------------- | ------------------- | -------------- | ----------------------------------------------------------- |
|
|
27
|
+
| Disable raw HTML | `disableRawHtml` | `disable_raw_html` | `false` | Escape HTML blocks & inline HTML instead of passing through |
|
|
28
|
+
| Max nesting | — | `max_nesting_depth` | `128` | Limit blockquote/list nesting depth (DoS prevention) |
|
|
29
|
+
| Max input size | — | `max_input_size` | `0` (no limit) | Truncate input beyond this byte count |
|
|
30
|
+
|
|
31
|
+
> In the WASM build, `max_nesting_depth` is fixed at `128` and `max_input_size` at `10 MB`.
|
|
32
|
+
|
|
33
|
+
Dangerous URI schemes (`javascript:`, `vbscript:`, `data:` except `data:image/…`) are **always** stripped from link and image destinations, regardless of options.
|
|
34
|
+
|
|
21
35
|
## JavaScript / TypeScript
|
|
22
36
|
|
|
23
37
|
```bash
|
|
@@ -34,6 +48,9 @@ WASM is embedded and loaded synchronously — no `init()` needed:
|
|
|
34
48
|
import { parse } from "ironmark";
|
|
35
49
|
|
|
36
50
|
const html = parse("# Hello\n\nThis is **fast**.");
|
|
51
|
+
|
|
52
|
+
// safe mode for untrusted input
|
|
53
|
+
const safe = parse(userInput, { disableRawHtml: true });
|
|
37
54
|
```
|
|
38
55
|
|
|
39
56
|
### AST Output
|
|
@@ -91,6 +108,13 @@ fn main() {
|
|
|
91
108
|
enable_strikethrough: false,
|
|
92
109
|
..Default::default()
|
|
93
110
|
});
|
|
111
|
+
|
|
112
|
+
// safe mode for untrusted input
|
|
113
|
+
let html = parse("<script>alert(1)</script>", &ParseOptions {
|
|
114
|
+
disable_raw_html: true,
|
|
115
|
+
max_input_size: 1_000_000, // 1 MB
|
|
116
|
+
..Default::default()
|
|
117
|
+
});
|
|
94
118
|
}
|
|
95
119
|
```
|
|
96
120
|
|
package/package.json
CHANGED
package/wasm/index.d.ts
CHANGED
|
@@ -15,6 +15,8 @@ export interface ParseOptions {
|
|
|
15
15
|
enableAutolink?: boolean;
|
|
16
16
|
/** Enable GitHub-style task lists (`- [ ] unchecked`, `- [x] checked`). Default: true. */
|
|
17
17
|
enableTaskLists?: boolean;
|
|
18
|
+
/** When true, raw HTML is escaped instead of passed through (XSS prevention). Default: false. */
|
|
19
|
+
disableRawHtml?: boolean;
|
|
18
20
|
}
|
|
19
21
|
|
|
20
22
|
/**
|