Skip to content

Commit

Permalink
[Security] Remove markdown-it-html5-embed
Browse files Browse the repository at this point in the history 
- Add tests for images with audio and video URLs.
- Remove `markdown-it-html5-embed`, which is quite old, depends on an outdated version of `markdown-it`, and loads in all of `mime-db` to check for audio or video URLs.
- Replace `html5-embed` with `html5-media`, a plugin based on the `markdown-it-html5-media` plugin.
- Use `mime/lite` to lookup MIME types for audio and video, in the browser.
  • Loading branch information
@eatyourgreens
eatyourgreens committed Jan 8, 2024
1 parent f2c203b commit 3740633
Show file tree
Hide file tree
Showing 6 changed files with 383 additions and 43 deletions.
52 changes: 17 additions & 35 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 1 addition & 4 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,16 +68,13 @@
"markdown-it-container": "~4.0.0",
"markdown-it-emoji": "~3.0.0",
"markdown-it-footnote": "~4.0.0",
"markdown-it-html5-embed": "~1.0.0",
"markdown-it-imsize": "~2.0.1",
"markdown-it-sub": "~2.0.0",
"markdown-it-sup": "~2.0.0",
"markdown-it-table-of-contents": "~0.6.0",
"markdown-it-video": "~0.6.3",
"mime": "~3.0.0",
"rehype": "~11.0.0",
"rehype-react": "~6.2.1"
},
"overrides": {
"markdown-it": "~14.0.0"
}
}
Loading

0 comments on commit 3740633

Please sign in to comment.