From 5ca58b4bdefc8e938200dcf92ef5c1ae3c45be2b Mon Sep 17 00:00:00 2001
From: Alex Deschamps
Date: Fri, 26 Mar 2021 18:21:03 -0600
Subject: [PATCH] switch default html to false (safer)
---
 lib/presets/commonmark.js | 2 +-
 test/commonmark.js | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/presets/commonmark.js b/lib/presets/commonmark.js
index 7066553..e1fc429 100644
--- a/lib/presets/commonmark.js
+++ b/lib/presets/commonmark.js
@@ -5,7 +5,7 @@ module.exports = {
 options: {
- html: true, // Enable HTML tags in source
+ html: false, // Enable HTML tags in source
 xhtmlOut: true, // Use '/' to close single tags (
)
 breaks: false, // Convert '\n' in paragraphs into
 langPrefix: 'language-', // CSS language prefix for fenced blocks
diff --git a/test/commonmark.js b/test/commonmark.js
index d0f901e..5c963bd 100644
--- a/test/commonmark.js
+++ b/test/commonmark.js
@@ -33,3 +33,11 @@ describe('CommonMark', function () {
 generate(p.join(__dirname, 'fixtures/commonmark/good.txt'), md);
 });
+
+describe('CommonMark defaults', function () {
+ var md = require('../')('commonmark');
+
+ it('defaults to the safe html false options', function () {
+ assert.strictEqual(md.render(''), '
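Review bot: The trailing comment on the changed `html` line still reads `// Enable HTML tags in source` and gives no reason for the new default. Raw HTML passthrough lets markup in untrusted source reach the rendered page, which is the exposure the subject line calls "safer", so I would record that at the option: `html: false, // Allow raw HTML tags in source; off by default, enable only for trusted input or sanitized output`. The flip also changes output for existing callers of the `commonmark` preset. If the `md` used for the fixtures/commonmark/good.txt run in test/commonmark.js is built from this same preset, its raw-HTML cases presumably need `html: true` set explicitly. The options object continues past the end of the hunk.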

<script>alert();</script>

\n');
+ });
+});
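Review bot: The added `it` pins a single block-level `<script>` input, so inline raw HTML inside a paragraph is not exercised under the new default. I would add a second assertion for an inline tag in running text, and a separate case with `html: true` set explicitly to confirm the opt-in still passes markup through unchanged. The title `'defaults to the safe html false options'` would read better as `'escapes raw HTML by default'`, which names the behaviour rather than the option value. As rendered on this page the literal passed to `md.render` is empty, presumably lost in extraction, so the expected string cannot be checked against its input here.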