markdown-to-jsx 9.3.5 → 9.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +190 -29
- package/dist/html.cjs +102 -102
- package/dist/html.d.cts +30 -2
- package/dist/html.d.ts +30 -2
- package/dist/html.js +102 -102
- package/dist/html.js.map +5 -5
- package/dist/index.cjs +98 -98
- package/dist/index.d.cts +32 -4
- package/dist/index.d.ts +32 -4
- package/dist/index.js +98 -98
- package/dist/index.js.map +5 -5
- package/dist/markdown.cjs +118 -118
- package/dist/markdown.js +118 -118
- package/dist/markdown.js.map +5 -5
- package/dist/native.cjs +102 -102
- package/dist/native.d.cts +36 -3
- package/dist/native.d.ts +36 -3
- package/dist/native.js +102 -102
- package/dist/native.js.map +5 -5
- package/dist/react.cjs +99 -99
- package/dist/react.d.cts +38 -5
- package/dist/react.d.ts +38 -5
- package/dist/react.js +99 -99
- package/dist/react.js.map +5 -5
- package/dist/solid.cjs +102 -102
- package/dist/solid.d.cts +30 -2
- package/dist/solid.d.ts +30 -2
- package/dist/solid.js +102 -102
- package/dist/solid.js.map +5 -5
- package/dist/vue.cjs +91 -91
- package/dist/vue.d.cts +38 -5
- package/dist/vue.d.ts +38 -5
- package/dist/vue.js +91 -91
- package/dist/vue.js.map +5 -5
- package/package.json +1 -1
package/dist/html.d.cts
CHANGED
|
@@ -174,9 +174,12 @@ type RequireAtLeastOne<
|
|
|
174
174
|
type: typeof RuleType2.htmlBlock;
|
|
175
175
|
attrs?: Record<string, any>;
|
|
176
176
|
children?: ASTNode[] | undefined;
|
|
177
|
-
|
|
178
|
-
|
|
177
|
+
verbatim?: boolean;
|
|
178
|
+
rawAttrs?: string;
|
|
179
|
+
rawText?: string | undefined;
|
|
180
|
+
/** @deprecated Use `rawText` instead. This property will be removed in a future major version. */
|
|
179
181
|
text?: string | undefined;
|
|
182
|
+
tag: string;
|
|
180
183
|
}
|
|
181
184
|
export interface HTMLSelfClosingNode {
|
|
182
185
|
type: typeof RuleType2.htmlSelfClosing;
|
|
@@ -226,6 +229,31 @@ type RequireAtLeastOne<
|
|
|
226
229
|
*/
|
|
227
230
|
enforceAtxHeadings: boolean;
|
|
228
231
|
/**
|
|
232
|
+
* **⚠️ SECURITY WARNING: STRONGLY DISCOURAGED FOR USER INPUTS**
|
|
233
|
+
*
|
|
234
|
+
* When enabled, attempts to eval expressions in JSX props that cannot be serialized
|
|
235
|
+
* as JSON (functions, variables, complex expressions). This uses `eval()` which can
|
|
236
|
+
* execute arbitrary code.
|
|
237
|
+
*
|
|
238
|
+
* **ONLY use this option when:**
|
|
239
|
+
* - The markdown source is completely trusted (e.g., your own documentation)
|
|
240
|
+
* - You control all JSX components and their props
|
|
241
|
+
* - The content is NOT user-generated or user-editable
|
|
242
|
+
*
|
|
243
|
+
* **DO NOT use this option when:**
|
|
244
|
+
* - Processing user-submitted markdown
|
|
245
|
+
* - Rendering untrusted content
|
|
246
|
+
* - Building public-facing applications with user content
|
|
247
|
+
*
|
|
248
|
+
* Example unsafe input: `<Component onClick={() => fetch('/admin/delete-all')} />`
|
|
249
|
+
*
|
|
250
|
+
* When disabled (default), unserializable expressions remain as strings that can be
|
|
251
|
+
* safely inspected or handled on a case-by-case basis via custom renderRule logic.
|
|
252
|
+
*
|
|
253
|
+
* @default false
|
|
254
|
+
*/
|
|
255
|
+
evalUnserializableExpressions?: boolean;
|
|
256
|
+
/**
|
|
229
257
|
* Forces the compiler to always output content with a block-level wrapper
|
|
230
258
|
* (`<p>` or any block-level syntax your markdown already contains.)
|
|
231
259
|
*/
|
package/dist/html.d.ts
CHANGED
|
@@ -174,9 +174,12 @@ type RequireAtLeastOne<
|
|
|
174
174
|
type: typeof RuleType2.htmlBlock;
|
|
175
175
|
attrs?: Record<string, any>;
|
|
176
176
|
children?: ASTNode[] | undefined;
|
|
177
|
-
|
|
178
|
-
|
|
177
|
+
verbatim?: boolean;
|
|
178
|
+
rawAttrs?: string;
|
|
179
|
+
rawText?: string | undefined;
|
|
180
|
+
/** @deprecated Use `rawText` instead. This property will be removed in a future major version. */
|
|
179
181
|
text?: string | undefined;
|
|
182
|
+
tag: string;
|
|
180
183
|
}
|
|
181
184
|
export interface HTMLSelfClosingNode {
|
|
182
185
|
type: typeof RuleType2.htmlSelfClosing;
|
|
@@ -226,6 +229,31 @@ type RequireAtLeastOne<
|
|
|
226
229
|
*/
|
|
227
230
|
enforceAtxHeadings: boolean;
|
|
228
231
|
/**
|
|
232
|
+
* **⚠️ SECURITY WARNING: STRONGLY DISCOURAGED FOR USER INPUTS**
|
|
233
|
+
*
|
|
234
|
+
* When enabled, attempts to eval expressions in JSX props that cannot be serialized
|
|
235
|
+
* as JSON (functions, variables, complex expressions). This uses `eval()` which can
|
|
236
|
+
* execute arbitrary code.
|
|
237
|
+
*
|
|
238
|
+
* **ONLY use this option when:**
|
|
239
|
+
* - The markdown source is completely trusted (e.g., your own documentation)
|
|
240
|
+
* - You control all JSX components and their props
|
|
241
|
+
* - The content is NOT user-generated or user-editable
|
|
242
|
+
*
|
|
243
|
+
* **DO NOT use this option when:**
|
|
244
|
+
* - Processing user-submitted markdown
|
|
245
|
+
* - Rendering untrusted content
|
|
246
|
+
* - Building public-facing applications with user content
|
|
247
|
+
*
|
|
248
|
+
* Example unsafe input: `<Component onClick={() => fetch('/admin/delete-all')} />`
|
|
249
|
+
*
|
|
250
|
+
* When disabled (default), unserializable expressions remain as strings that can be
|
|
251
|
+
* safely inspected or handled on a case-by-case basis via custom renderRule logic.
|
|
252
|
+
*
|
|
253
|
+
* @default false
|
|
254
|
+
*/
|
|
255
|
+
evalUnserializableExpressions?: boolean;
|
|
256
|
+
/**
|
|
229
257
|
* Forces the compiler to always output content with a block-level wrapper
|
|
230
258
|
* (`<p>` or any block-level syntax your markdown already contains.)
|
|
231
259
|
*/
|