markdown-to-jsx 9.3.5 → 9.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +190 -29
- package/dist/html.cjs +102 -102
- package/dist/html.d.cts +30 -2
- package/dist/html.d.ts +30 -2
- package/dist/html.js +102 -102
- package/dist/html.js.map +5 -5
- package/dist/index.cjs +98 -98
- package/dist/index.d.cts +32 -4
- package/dist/index.d.ts +32 -4
- package/dist/index.js +98 -98
- package/dist/index.js.map +5 -5
- package/dist/markdown.cjs +118 -118
- package/dist/markdown.js +118 -118
- package/dist/markdown.js.map +5 -5
- package/dist/native.cjs +102 -102
- package/dist/native.d.cts +36 -3
- package/dist/native.d.ts +36 -3
- package/dist/native.js +102 -102
- package/dist/native.js.map +5 -5
- package/dist/react.cjs +99 -99
- package/dist/react.d.cts +38 -5
- package/dist/react.d.ts +38 -5
- package/dist/react.js +99 -99
- package/dist/react.js.map +5 -5
- package/dist/solid.cjs +102 -102
- package/dist/solid.d.cts +30 -2
- package/dist/solid.d.ts +30 -2
- package/dist/solid.js +102 -102
- package/dist/solid.js.map +5 -5
- package/dist/vue.cjs +91 -91
- package/dist/vue.d.cts +38 -5
- package/dist/vue.d.ts +38 -5
- package/dist/vue.js +91 -91
- package/dist/vue.js.map +5 -5
- package/package.json +1 -1
package/dist/solid.d.cts
CHANGED
|
@@ -175,9 +175,12 @@ type RequireAtLeastOne<
|
|
|
175
175
|
type: typeof RuleType2.htmlBlock;
|
|
176
176
|
attrs?: Record<string, any>;
|
|
177
177
|
children?: ASTNode[] | undefined;
|
|
178
|
-
|
|
179
|
-
|
|
178
|
+
verbatim?: boolean;
|
|
179
|
+
rawAttrs?: string;
|
|
180
|
+
rawText?: string | undefined;
|
|
181
|
+
/** @deprecated Use `rawText` instead. This property will be removed in a future major version. */
|
|
180
182
|
text?: string | undefined;
|
|
183
|
+
tag: string;
|
|
181
184
|
}
|
|
182
185
|
export interface HTMLSelfClosingNode {
|
|
183
186
|
type: typeof RuleType2.htmlSelfClosing;
|
|
@@ -227,6 +230,31 @@ type RequireAtLeastOne<
|
|
|
227
230
|
*/
|
|
228
231
|
enforceAtxHeadings: boolean;
|
|
229
232
|
/**
|
|
233
|
+
* **⚠️ SECURITY WARNING: STRONGLY DISCOURAGED FOR USER INPUTS**
|
|
234
|
+
*
|
|
235
|
+
* When enabled, attempts to eval expressions in JSX props that cannot be serialized
|
|
236
|
+
* as JSON (functions, variables, complex expressions). This uses `eval()` which can
|
|
237
|
+
* execute arbitrary code.
|
|
238
|
+
*
|
|
239
|
+
* **ONLY use this option when:**
|
|
240
|
+
* - The markdown source is completely trusted (e.g., your own documentation)
|
|
241
|
+
* - You control all JSX components and their props
|
|
242
|
+
* - The content is NOT user-generated or user-editable
|
|
243
|
+
*
|
|
244
|
+
* **DO NOT use this option when:**
|
|
245
|
+
* - Processing user-submitted markdown
|
|
246
|
+
* - Rendering untrusted content
|
|
247
|
+
* - Building public-facing applications with user content
|
|
248
|
+
*
|
|
249
|
+
* Example unsafe input: `<Component onClick={() => fetch('/admin/delete-all')} />`
|
|
250
|
+
*
|
|
251
|
+
* When disabled (default), unserializable expressions remain as strings that can be
|
|
252
|
+
* safely inspected or handled on a case-by-case basis via custom renderRule logic.
|
|
253
|
+
*
|
|
254
|
+
* @default false
|
|
255
|
+
*/
|
|
256
|
+
evalUnserializableExpressions?: boolean;
|
|
257
|
+
/**
|
|
230
258
|
* Forces the compiler to always output content with a block-level wrapper
|
|
231
259
|
* (`<p>` or any block-level syntax your markdown already contains.)
|
|
232
260
|
*/
|
package/dist/solid.d.ts
CHANGED
|
@@ -175,9 +175,12 @@ type RequireAtLeastOne<
|
|
|
175
175
|
type: typeof RuleType2.htmlBlock;
|
|
176
176
|
attrs?: Record<string, any>;
|
|
177
177
|
children?: ASTNode[] | undefined;
|
|
178
|
-
|
|
179
|
-
|
|
178
|
+
verbatim?: boolean;
|
|
179
|
+
rawAttrs?: string;
|
|
180
|
+
rawText?: string | undefined;
|
|
181
|
+
/** @deprecated Use `rawText` instead. This property will be removed in a future major version. */
|
|
180
182
|
text?: string | undefined;
|
|
183
|
+
tag: string;
|
|
181
184
|
}
|
|
182
185
|
export interface HTMLSelfClosingNode {
|
|
183
186
|
type: typeof RuleType2.htmlSelfClosing;
|
|
@@ -227,6 +230,31 @@ type RequireAtLeastOne<
|
|
|
227
230
|
*/
|
|
228
231
|
enforceAtxHeadings: boolean;
|
|
229
232
|
/**
|
|
233
|
+
* **⚠️ SECURITY WARNING: STRONGLY DISCOURAGED FOR USER INPUTS**
|
|
234
|
+
*
|
|
235
|
+
* When enabled, attempts to eval expressions in JSX props that cannot be serialized
|
|
236
|
+
* as JSON (functions, variables, complex expressions). This uses `eval()` which can
|
|
237
|
+
* execute arbitrary code.
|
|
238
|
+
*
|
|
239
|
+
* **ONLY use this option when:**
|
|
240
|
+
* - The markdown source is completely trusted (e.g., your own documentation)
|
|
241
|
+
* - You control all JSX components and their props
|
|
242
|
+
* - The content is NOT user-generated or user-editable
|
|
243
|
+
*
|
|
244
|
+
* **DO NOT use this option when:**
|
|
245
|
+
* - Processing user-submitted markdown
|
|
246
|
+
* - Rendering untrusted content
|
|
247
|
+
* - Building public-facing applications with user content
|
|
248
|
+
*
|
|
249
|
+
* Example unsafe input: `<Component onClick={() => fetch('/admin/delete-all')} />`
|
|
250
|
+
*
|
|
251
|
+
* When disabled (default), unserializable expressions remain as strings that can be
|
|
252
|
+
* safely inspected or handled on a case-by-case basis via custom renderRule logic.
|
|
253
|
+
*
|
|
254
|
+
* @default false
|
|
255
|
+
*/
|
|
256
|
+
evalUnserializableExpressions?: boolean;
|
|
257
|
+
/**
|
|
230
258
|
* Forces the compiler to always output content with a block-level wrapper
|
|
231
259
|
* (`<p>` or any block-level syntax your markdown already contains.)
|
|
232
260
|
*/
|