Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Exclude event attributes when rendering markdown #9463

Closed
jmooring opened this issue Feb 4, 2022 · 1 comment · Fixed by #9464
Closed

Exclude event attributes when rendering markdown #9463

jmooring opened this issue Feb 4, 2022 · 1 comment · Fixed by #9464
Labels
Bug Outdated
Milestone
v0.92.2

Comments

@jmooring
Copy link
Member

jmooring commented Feb 4, 2022
edited
Loading

Current Behavior

config.toml

[markup.goldmark.renderer]
unsafe = false

[markup.goldmark.parser.attribute]
block = true
title = true

markdown

## Heading {onclick="alert('heading')"}

> Blockquote
{ondblclick="alert('blockquote')"}

```bash {onmouseover="alert('code fence')"}
codefences
```

renders

<h2 onclick="alert('heading')" id="heading">Heading</h2>

<blockquote><p>Blockquote</p></blockquote>

<div class="highlight" onmouseover="alert('code fence')">...

Desired Behavior

Remove attribute events from headings and code fences. The block attributes are already being sanitized.

<h2 id="heading">Heading</h2>

<blockquote><p>Blockquote</p></blockquote>

<div class="highlight">...

Reference:

Testing:

git clone --single-branch -b hugo-github-issue-9463 https://github.com/jmooring/hugo-testing hugo-github-issue-9463
cd hugo-github-issue-9463
hugo server
jmooring added a commit to jmooring/hugo that referenced this issue Feb 4, 2022
@jmooring
Exclude event attributes when rendering markdown
7f7a497 
Closes gohugoio#9463
@jmooring jmooring mentioned this issue Feb 4, 2022
Merged
jmooring added a commit to jmooring/hugo that referenced this issue Feb 4, 2022
@jmooring
Exclude event attributes when rendering markdown
f80c042 
Closes gohugoio#9463
jmooring added a commit to jmooring/hugo that referenced this issue Feb 9, 2022
@jmooring
Exclude event attributes when rendering markdown
e64bc4a 
Closes gohugoio#9463
jmooring added a commit to jmooring/hugo that referenced this issue Feb 9, 2022
@jmooring
Exclude event attributes when rendering markdown
5f11133 
Closes gohugoio#9463
@bep bep added this to the v0.92.2 milestone Feb 10, 2022
@bep bep closed this as completed in #9464 Feb 10, 2022
bep pushed a commit that referenced this issue Feb 10, 2022
@jmooring @bep
Exclude event attributes when rendering markdown
f7bc4cc 
Closes #9463
@jmooring jmooring mentioned this issue Feb 16, 2022
Closed
@github-actions
Copy link

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 18, 2022
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
Bug Outdated
Projects
None yet
Milestone
v0.92.2
Development

Successfully merging a pull request may close this issue.

Exclude event attributes when rendering markdown jmooring/hugo
2 participants
@jmooring @bep