npm - markdown-to-jsx - Versions diffs - 9.3.5 → 9.4.1 - Mend

markdown-to-jsx 9.3.5 → 9.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/dist/react.d.cts CHANGED Viewed

@@ -175,9 +175,12 @@ type RequireAtLeastOne<
 		type: typeof RuleType2.htmlBlock;
 		attrs?: Record<string, any>;
 		children?: ASTNode[] | undefined;
-		noInnerParse?: Boolean;
-		tag: string;
+		verbatim?: boolean;
+		rawAttrs?: string;
+		rawText?: string | undefined;
+		/** @deprecated Use `rawText` instead. This property will be removed in a future major version. */
 		text?: string | undefined;
+		tag: string;
 	}
 	export interface HTMLSelfClosingNode {
 		type: typeof RuleType2.htmlSelfClosing;
@@ -227,6 +230,31 @@ type RequireAtLeastOne<
 		*/
 		enforceAtxHeadings: boolean;
 		/**
+		* **⚠️ SECURITY WARNING: STRONGLY DISCOURAGED FOR USER INPUTS**
+		*
+		* When enabled, attempts to eval expressions in JSX props that cannot be serialized
+		* as JSON (functions, variables, complex expressions). This uses `eval()` which can
+		* execute arbitrary code.
+		*
+		* **ONLY use this option when:**
+		* - The markdown source is completely trusted (e.g., your own documentation)
+		* - You control all JSX components and their props
+		* - The content is NOT user-generated or user-editable
+		*
+		* **DO NOT use this option when:**
+		* - Processing user-submitted markdown
+		* - Rendering untrusted content
+		* - Building public-facing applications with user content
+		*
+		* Example unsafe input: `<Component onClick={() => fetch('/admin/delete-all')} />`
+		*
+		* When disabled (default), unserializable expressions remain as strings that can be
+		* safely inspected or handled on a case-by-case basis via custom renderRule logic.
+		*
+		* @default false
+		*/
+		evalUnserializableExpressions?: boolean;
+		/**
 		* Forces the compiler to always output content with a block-level wrapper
 		* (`<p>` or any block-level syntax your markdown already contains.)
 		*/
@@ -335,14 +363,19 @@ declare global {
 declare function parser(source: string, options?: MarkdownToJSX.Options): MarkdownToJSX.ASTNode[];
 declare function sanitizer(input: string): string | null;
 declare function slugify(str: string): string;
+declare const MarkdownContext: React2.Context<MarkdownToJSX.Options | undefined>;
 declare function astToJSX(ast: MarkdownToJSX.ASTNode[], options?: MarkdownToJSX.Options): React2.ReactNode;
 declare function compiler(markdown?: string, options?: MarkdownToJSX.Options): React2.ReactNode;
+declare const MarkdownProvider: React2.FC<{
+	options?: MarkdownToJSX.Options;
+	children: React2.ReactNode;
+}>;
 /**
-* A simple HOC for easy React use. Feed the markdown content as a direct child
-* and the rest is taken care of automatically.
+* A React component for easy markdown rendering. Feed the markdown content as a direct child
+* and the rest is taken care of automatically. Supports memoization for optimal performance.
 */
 declare const Markdown: React2.FC<Omit<React2.HTMLAttributes<Element>, "children"> & {
 	children?: string | null;
 	options?: MarkdownToJSX.Options;
 }>;
-export { slugify, sanitizer, parser, Markdown as default, compiler, astToJSX, RuleType2 as RuleType, MarkdownToJSX, Markdown };
+export { slugify, sanitizer, parser, Markdown as default, compiler, astToJSX, RuleType2 as RuleType, MarkdownToJSX, MarkdownProvider, MarkdownContext, Markdown };

package/dist/react.d.ts CHANGED Viewed

@@ -175,9 +175,12 @@ type RequireAtLeastOne<
 		type: typeof RuleType2.htmlBlock;
 		attrs?: Record<string, any>;
 		children?: ASTNode[] | undefined;
-		noInnerParse?: Boolean;
-		tag: string;
+		verbatim?: boolean;
+		rawAttrs?: string;
+		rawText?: string | undefined;
+		/** @deprecated Use `rawText` instead. This property will be removed in a future major version. */
 		text?: string | undefined;
+		tag: string;
 	}
 	export interface HTMLSelfClosingNode {
 		type: typeof RuleType2.htmlSelfClosing;
@@ -227,6 +230,31 @@ type RequireAtLeastOne<
 		*/
 		enforceAtxHeadings: boolean;
 		/**
+		* **⚠️ SECURITY WARNING: STRONGLY DISCOURAGED FOR USER INPUTS**
+		*
+		* When enabled, attempts to eval expressions in JSX props that cannot be serialized
+		* as JSON (functions, variables, complex expressions). This uses `eval()` which can
+		* execute arbitrary code.
+		*
+		* **ONLY use this option when:**
+		* - The markdown source is completely trusted (e.g., your own documentation)
+		* - You control all JSX components and their props
+		* - The content is NOT user-generated or user-editable
+		*
+		* **DO NOT use this option when:**
+		* - Processing user-submitted markdown
+		* - Rendering untrusted content
+		* - Building public-facing applications with user content
+		*
+		* Example unsafe input: `<Component onClick={() => fetch('/admin/delete-all')} />`
+		*
+		* When disabled (default), unserializable expressions remain as strings that can be
+		* safely inspected or handled on a case-by-case basis via custom renderRule logic.
+		*
+		* @default false
+		*/
+		evalUnserializableExpressions?: boolean;
+		/**
 		* Forces the compiler to always output content with a block-level wrapper
 		* (`<p>` or any block-level syntax your markdown already contains.)
 		*/
@@ -335,14 +363,19 @@ declare global {
 declare function parser(source: string, options?: MarkdownToJSX.Options): MarkdownToJSX.ASTNode[];
 declare function sanitizer(input: string): string | null;
 declare function slugify(str: string): string;
+declare const MarkdownContext: React2.Context<MarkdownToJSX.Options | undefined>;
 declare function astToJSX(ast: MarkdownToJSX.ASTNode[], options?: MarkdownToJSX.Options): React2.ReactNode;
 declare function compiler(markdown?: string, options?: MarkdownToJSX.Options): React2.ReactNode;
+declare const MarkdownProvider: React2.FC<{
+	options?: MarkdownToJSX.Options;
+	children: React2.ReactNode;
+}>;
 /**
-* A simple HOC for easy React use. Feed the markdown content as a direct child
-* and the rest is taken care of automatically.
+* A React component for easy markdown rendering. Feed the markdown content as a direct child
+* and the rest is taken care of automatically. Supports memoization for optimal performance.
 */
 declare const Markdown: React2.FC<Omit<React2.HTMLAttributes<Element>, "children"> & {
 	children?: string | null;
 	options?: MarkdownToJSX.Options;
 }>;
-export { slugify, sanitizer, parser, Markdown as default, compiler, astToJSX, RuleType2 as RuleType, MarkdownToJSX, Markdown };
+export { slugify, sanitizer, parser, Markdown as default, compiler, astToJSX, RuleType2 as RuleType, MarkdownToJSX, MarkdownProvider, MarkdownContext, Markdown };