[{"data":1,"prerenderedAt":2582},["ShallowReactive",2],{"navigation_examples":3,"navigation_docs":95,"-plugins-built-in-security":290,"-plugins-built-in-security-surround":2577},[4],{"title":5,"path":6,"stem":7,"children":8,"page":34},"Examples","\u002Fexamples","examples",[9,35,60],{"title":10,"path":11,"stem":12,"children":13,"page":34},"Frameworks","\u002Fexamples\u002Fframeworks","examples\u002F1.frameworks",[14,19,24,29],{"title":15,"path":16,"stem":17,"icon":18},"Astro","\u002Fexamples\u002Fframeworks\u002Fastro","examples\u002F1.frameworks\u002Fastro\u002FREADME","i-simple-icons:astro",{"title":20,"path":21,"stem":22,"icon":23},"Next.js","\u002Fexamples\u002Fframeworks\u002Fnextjs","examples\u002F1.frameworks\u002Fnextjs\u002FREADME","i-simple-icons:nextdotjs",{"title":25,"path":26,"stem":27,"icon":28},"Nuxt","\u002Fexamples\u002Fframeworks\u002Fnuxt-ui","examples\u002F1.frameworks\u002Fnuxt\u002FREADME","i-simple-icons-nuxt",{"title":30,"path":31,"stem":32,"icon":33},"VitePress","\u002Fexamples\u002Fframeworks\u002Fvitepress","examples\u002F1.frameworks\u002Fvitepress\u002FREADME","i-simple-icons-vitepress",false,{"title":36,"path":37,"stem":38,"children":39,"page":34},"Vite","\u002Fexamples\u002Fvite","examples\u002F2.vite",[40,45,50,55],{"title":41,"path":42,"stem":43,"icon":44},"HTML 
Preview","\u002Fexamples\u002Fvite\u002Fhtml","examples\u002F2.vite\u002Fhtml\u002FREADME","i-lucide-file-code",{"title":46,"path":47,"stem":48,"icon":49},"React","\u002Fexamples\u002Fvite\u002Freact","examples\u002F2.vite\u002Freact\u002FREADME","i-simple-icons-react",{"title":51,"path":52,"stem":53,"icon":54},"Svelte","\u002Fexamples\u002Fvite\u002Fsvelte","examples\u002F2.vite\u002Fsvelte\u002FREADME","i-simple-icons-svelte",{"title":56,"path":57,"stem":58,"icon":59},"Vue","\u002Fexamples\u002Fvite\u002Fvue","examples\u002F2.vite\u002Fvue\u002FREADME","i-simple-icons-vuedotjs",{"title":61,"path":62,"stem":63,"children":64,"page":34},"Plugins","\u002Fexamples\u002Fplugins","examples\u002F3.plugins",[65,70,75,80,85,90],{"title":66,"path":67,"stem":68,"icon":69},"Binding (frontmatter + data)","\u002Fexamples\u002Fplugins\u002Fvue-vite-binding","examples\u002F3.plugins\u002Fvue-vite-binding\u002FREADME","i-lucide-replace",{"title":71,"path":72,"stem":73,"icon":74},"Syntax Highlighting","\u002Fexamples\u002Fplugins\u002Fvue-vite-highlight","examples\u002F3.plugins\u002Fvue-vite-highlight\u002FREADME","i-lucide-code",{"title":76,"path":77,"stem":78,"icon":79},"JSON Render","\u002Fexamples\u002Fplugins\u002Fvue-vite-json-render","examples\u002F3.plugins\u002Fvue-vite-json-render\u002FREADME","i-lucide-braces",{"title":81,"path":82,"stem":83,"icon":84},"Math formulas","\u002Fexamples\u002Fplugins\u002Fvue-vite-math","examples\u002F3.plugins\u002Fvue-vite-math\u002FREADME","i-lucide-calculator",{"title":86,"path":87,"stem":88,"icon":89},"Mermaid 
diagrams","\u002Fexamples\u002Fplugins\u002Fvue-vite-mermaid","examples\u002F3.plugins\u002Fvue-vite-mermaid\u002FREADME","i-simple-icons-mermaid",{"title":91,"path":92,"stem":93,"icon":94},"Punctuation","\u002Fexamples\u002Fplugins\u002Fvue-vite-punctuation","examples\u002F3.plugins\u002Fvue-vite-punctuation\u002FREADME","i-lucide-quote",[96,110,132,159,246,268],{"title":97,"icon":98,"path":99,"stem":100,"children":101,"page":34},"Getting Started","i-lucide-rocket","\u002Fgetting-started","1.getting-started",[102,106],{"title":103,"path":104,"stem":105},"Introduction","\u002Fgetting-started\u002Fintroduction","1.getting-started\u002F0.introduction",{"title":107,"path":108,"stem":109},"Installation","\u002Fgetting-started\u002Finstallation","1.getting-started\u002F1.installation",{"title":111,"icon":112,"path":113,"stem":114,"children":115,"page":34},"Syntax","i-lucide-file-text","\u002Fsyntax","2.syntax",[116,120,124,128],{"title":117,"path":118,"stem":119},"Markdown","\u002Fsyntax\u002Fmarkdown","2.syntax\u002F1.markdown",{"title":121,"path":122,"stem":123},"Components","\u002Fsyntax\u002Fcomponents","2.syntax\u002F2.components",{"title":125,"path":126,"stem":127},"Attributes","\u002Fsyntax\u002Fattributes","2.syntax\u002F3.attributes",{"title":129,"path":130,"stem":131},"AST","\u002Fsyntax\u002Fcomark-ast","2.syntax\u002F4.comark-ast",{"title":133,"icon":134,"path":135,"stem":136,"children":137,"page":34},"Rendering","i-lucide-layout","\u002Frendering","3.rendering",[138,142,145,148,151,154],{"title":139,"path":140,"stem":141,"icon":44},"HTML","\u002Frendering\u002Fhtml","3.rendering\u002F2.html",{"title":56,"path":143,"stem":144,"icon":59},"\u002Frendering\u002Fvue","3.rendering\u002F3.vue",{"title":25,"path":146,"stem":147,"icon":28},"\u002Frendering\u002Fnuxt","3.rendering\u002F4.nuxt",{"title":46,"path":149,"stem":150,"icon":49},"\u002Frendering\u002Freact","3.rendering\u002F5.react",{"title":51,"path":152,"stem":153,"icon":54},"\u002Frendering\u002Fsvelte","
3.rendering\u002F6.svelte",{"title":155,"path":156,"stem":157,"icon":158},"ANSI (Terminal)","\u002Frendering\u002Fansi","3.rendering\u002F7.ansi","i-lucide-terminal",{"title":61,"icon":160,"path":161,"stem":162,"children":163,"page":34},"i-lucide-plug","\u002Fplugins","4.plugins",[164,229],{"title":165,"path":166,"stem":167,"children":168,"page":34},"Built-in","\u002Fplugins\u002Fbuilt-in","4.plugins\u002F1.built-in",[169,174,179,182,186,191,196,200,204,209,214,217,220,225],{"title":170,"path":171,"stem":172,"icon":173},"Security","\u002Fplugins\u002Fbuilt-in\u002Fsecurity","4.plugins\u002F1.built-in\u002F01.security","i-lucide-shield-check",{"title":175,"path":176,"stem":177,"icon":178},"Emoji","\u002Fplugins\u002Fbuilt-in\u002Femoji","4.plugins\u002F1.built-in\u002F02.emoji","i-lucide-smile",{"title":71,"path":180,"stem":181,"icon":74},"\u002Fplugins\u002Fbuilt-in\u002Fhighlight","4.plugins\u002F1.built-in\u002F03.highlight",{"title":183,"path":184,"stem":185,"icon":112},"Summary Extraction","\u002Fplugins\u002Fbuilt-in\u002Fsummary","4.plugins\u002F1.built-in\u002F04.summary",{"title":187,"path":188,"stem":189,"icon":190},"Table of Contents","\u002Fplugins\u002Fbuilt-in\u002Ftoc","4.plugins\u002F1.built-in\u002F05.toc","i-lucide-list",{"title":192,"path":193,"stem":194,"icon":195},"Alerts","\u002Fplugins\u002Fbuilt-in\u002Falert","4.plugins\u002F1.built-in\u002F06.alert","i-lucide-bell",{"title":197,"path":198,"stem":199,"icon":89},"Mermaid Diagrams","\u002Fplugins\u002Fbuilt-in\u002Fmermaid","4.plugins\u002F1.built-in\u002F07.mermaid",{"title":201,"path":202,"stem":203,"icon":84},"Mathematics","\u002Fplugins\u002Fbuilt-in\u002Fmath","4.plugins\u002F1.built-in\u002F08.math",{"title":205,"path":206,"stem":207,"icon":208},"Task 
List","\u002Fplugins\u002Fbuilt-in\u002Ftask-list","4.plugins\u002F1.built-in\u002F09.task-list","i-lucide-check-square",{"title":210,"path":211,"stem":212,"icon":213},"Headings","\u002Fplugins\u002Fbuilt-in\u002Fheadings","4.plugins\u002F1.built-in\u002F10.headings","i-lucide-heading",{"title":76,"path":215,"stem":216,"icon":79},"\u002Fplugins\u002Fbuilt-in\u002Fjson-render","4.plugins\u002F1.built-in\u002F11.json-render",{"title":91,"path":218,"stem":219,"icon":94},"\u002Fplugins\u002Fbuilt-in\u002Fpunctuation","4.plugins\u002F1.built-in\u002F12.punctuation",{"title":221,"path":222,"stem":223,"icon":224},"Breaks","\u002Fplugins\u002Fbuilt-in\u002Fbreaks","4.plugins\u002F1.built-in\u002F13.breaks","i-lucide-corner-down-left",{"title":226,"path":227,"stem":228,"icon":69},"Binding","\u002Fplugins\u002Fbuilt-in\u002Fbinding","4.plugins\u002F1.built-in\u002F14.binding",{"title":230,"path":231,"stem":232,"children":233,"page":34},"Custom","\u002Fplugins\u002Fcustom","4.plugins\u002F2.custom",[234,238,242],{"title":235,"path":236,"stem":237},"Plugin API","\u002Fplugins\u002Fcustom\u002Fplugin-api","4.plugins\u002F2.custom\u002F1.plugin-api",{"title":239,"path":240,"stem":241},"AST API","\u002Fplugins\u002Fcustom\u002Fast-api","4.plugins\u002F2.custom\u002F2.ast-api",{"title":243,"path":244,"stem":245},"Markdown-it","\u002Fplugins\u002Fcustom\u002Fmarkdown-it","4.plugins\u002F2.custom\u002F3.markdown-it",{"title":247,"icon":248,"path":249,"stem":250,"children":251,"page":34},"API Reference","i-lucide-book-open","\u002Fapi","5.api",[252,256,260,264],{"title":253,"path":254,"stem":255},"Render API","\u002Fapi\u002Frender","5.api\u002F0.render",{"title":257,"path":258,"stem":259},"Parse API","\u002Fapi\u002Fparse","5.api\u002F1.parse",{"title":261,"path":262,"stem":263},"Streaming API","\u002Fapi\u002Fauto-close","5.api\u002F2.auto-close",{"title":265,"path":266,"stem":267},"Cheat 
Sheet","\u002Fapi\u002Freference","5.api\u002F3.reference",{"title":269,"icon":270,"path":271,"stem":272,"children":273,"page":34},"Knowledge Base","i-lucide-library","\u002Fkb","7.kb",[274,278,282,286],{"title":275,"path":276,"stem":277},"Why Comark?","\u002Fkb\u002Fwhy-comark","7.kb\u002F0.why-comark",{"title":279,"path":280,"stem":281},"Migration from MDC","\u002Fkb\u002Fmigration-from-mdc","7.kb\u002F2.migration-from-mdc",{"title":283,"path":284,"stem":285},"Migration from MDX","\u002Fkb\u002Fmigration-from-mdx","7.kb\u002F3.migration-from-mdx",{"title":287,"path":288,"stem":289},"Twoslash","\u002Fkb\u002Ftwoslash","7.kb\u002F4.twoslash",{"id":291,"title":170,"body":292,"description":2559,"extension":2560,"links":2561,"meta":2566,"navigation":2574,"path":171,"seo":2575,"stem":172,"__hash__":2576},"docs\u002F4.plugins\u002F1.built-in\u002F01.security.md",{"type":293,"value":294,"toc":2527},"minimark",[295,304,309,422,425,760,763,767,770,775,799,930,934,937,977,981,1000,1027,1110,1112,1116,1122,1129,1134,1148,1156,1158,1161,1327,1332,1345,1424,1516,1521,1532,1575,1594,1599,1612,1618,1663,1668,1677,1713,1718,1727,1782,1787,1800,1829,1838,1840,1842,1846,1849,2036,2040,2043,2117,2121,2124,2168,2170,2174,2178,2201,2317,2321,2324,2466,2470,2473,2520],[296,297,298,299,303],"p",{},"The ",[300,301,302],"code",{},"comark\u002Fplugins\u002Fsecurity"," plugin sanitizes the parsed AST, removing dangerous HTML elements, blocking malicious protocols, and restricting allowed link destinations.",[305,306,308],"h2",{"id":307},"usage","Usage",[310,311,315],"pre",{"language":312,"class":313,"tabindex":314},"typescript","shiki shiki-themes material-theme-lighter material-theme-palenight","0",[300,316,318,351,352,351,368,351,370,351,396,351,414],{"class":317},"language-typescript",[319,320,323,327,331,335,338,341,344,348],"span",{"class":321,"style":322},"line","display: 
inline",[319,324,326],{"style":325},"color:#39ADB5;--shiki-light-font-style:italic;--shiki-dark:#89DDFF;--shiki-dark-font-style:italic","import",[319,328,330],{"style":329},"color:#39ADB5;--shiki-dark:#89DDFF"," {",[319,332,334],{"style":333},"color:#90A4AE;--shiki-dark:#BABED8"," parse",[319,336,337],{"style":329}," }",[319,339,340],{"style":325}," from",[319,342,343],{"style":329}," '",[319,345,347],{"style":346},"color:#91B859;--shiki-dark:#C3E88D","comark",[319,349,350],{"style":329},"'","\n",[319,353,354,356,359,362,364,366],{"class":321,"style":322},[319,355,326],{"style":325},[319,357,358],{"style":333}," security ",[319,360,361],{"style":325},"from",[319,363,343],{"style":329},[319,365,302],{"style":346},[319,367,350],{"style":329},[319,369],{"class":321,"style":322},[319,371,372,376,379,382,385,388,391,394],{"class":321,"style":322},[319,373,375],{"style":374},"color:#9C3EDA;--shiki-dark:#C792EA","const",[319,377,378],{"style":333}," result ",[319,380,381],{"style":329},"=",[319,383,384],{"style":325}," await",[319,386,334],{"style":387},"color:#6182B8;--shiki-dark:#82AAFF",[319,389,390],{"style":333},"(content",[319,392,393],{"style":329},",",[319,395,330],{"style":329},[319,397,398,402,405,408,411],{"class":321,"style":322},[319,399,401],{"style":400},"color:#E53935;--shiki-dark:#F07178","  plugins",[319,403,404],{"style":329},":",[319,406,407],{"style":333}," [",[319,409,410],{"style":387},"security",[319,412,413],{"style":333},"()]",[319,415,416,419],{"class":321,"style":322},[319,417,418],{"style":329},"}",[319,420,421],{"style":333},")",[296,423,424],{},"With framework 
components:",[426,427,428,646],"code-group",{},[310,429,431],{"language":430,"filename":56,"class":313,"tabindex":314},"vue",[300,432,434,351,461,351,481,351,496,351,498,351,509,351,520,351,549,351,576,351,583,351,587,351,596,351,598,351,607,351,638],{"class":433},"language-vue",[319,435,436,439,442,445,448,450,453,456,458],{"class":321,"style":322},[319,437,438],{"style":329},"\u003C",[319,440,441],{"style":400},"script",[319,443,444],{"style":374}," setup",[319,446,447],{"style":374}," lang",[319,449,381],{"style":329},[319,451,452],{"style":329},"\"",[319,454,455],{"style":346},"ts",[319,457,452],{"style":329},[319,459,460],{"style":329},">",[319,462,463,465,467,470,472,474,476,479],{"class":321,"style":322},[319,464,326],{"style":325},[319,466,330],{"style":329},[319,468,469],{"style":333}," Comark",[319,471,337],{"style":329},[319,473,340],{"style":325},[319,475,343],{"style":329},[319,477,478],{"style":346},"@comark\u002Fvue",[319,480,350],{"style":329},[319,482,483,485,487,489,491,494],{"class":321,"style":322},[319,484,326],{"style":325},[319,486,358],{"style":333},[319,488,361],{"style":325},[319,490,343],{"style":329},[319,492,493],{"style":346},"@comark\u002Fvue\u002Fplugins\u002Fsecurity",[319,495,350],{"style":329},[319,497],{"class":321,"style":322},[319,499,500,502,505,507],{"class":321,"style":322},[319,501,375],{"style":374},[319,503,504],{"style":333}," plugins ",[319,506,381],{"style":329},[319,508,407],{"style":333},[319,510,511,514,517],{"class":321,"style":322},[319,512,513],{"style":387},"  security",[319,515,516],{"style":333},"(",[319,518,519],{"style":329},"{",[319,521,522,525,527,529,531,533,535,537,539,542,544,547],{"class":321,"style":322},[319,523,524],{"style":400},"    
blockedTags",[319,526,404],{"style":329},[319,528,407],{"style":333},[319,530,350],{"style":329},[319,532,441],{"style":346},[319,534,350],{"style":329},[319,536,393],{"style":329},[319,538,343],{"style":329},[319,540,541],{"style":346},"iframe",[319,543,350],{"style":329},[319,545,546],{"style":333},"]",[319,548,393],{"style":329},[319,550,551,554,556,558,560,563,565,567,569,572,574],{"class":321,"style":322},[319,552,553],{"style":400},"    allowedProtocols",[319,555,404],{"style":329},[319,557,407],{"style":333},[319,559,350],{"style":329},[319,561,562],{"style":346},"https",[319,564,350],{"style":329},[319,566,393],{"style":329},[319,568,343],{"style":329},[319,570,571],{"style":346},"mailto",[319,573,350],{"style":329},[319,575,546],{"style":333},[319,577,578,581],{"class":321,"style":322},[319,579,580],{"style":329},"  }",[319,582,421],{"style":333},[319,584,585],{"class":321,"style":322},[319,586,546],{"style":333},[319,588,589,592,594],{"class":321,"style":322},[319,590,591],{"style":329},"\u003C\u002F",[319,593,441],{"style":400},[319,595,460],{"style":329},[319,597],{"class":321,"style":322},[319,599,600,602,605],{"class":321,"style":322},[319,601,438],{"style":329},[319,603,604],{"style":400},"template",[319,606,460],{"style":329},[319,608,609,612,615,618,620,622,625,627,629,632,634,636],{"class":321,"style":322},[319,610,611],{"style":329},"  \u003C",[319,613,614],{"style":400},"Comark",[319,616,617],{"style":374}," :plugins",[319,619,381],{"style":329},[319,621,452],{"style":329},[319,623,624],{"style":346},"plugins",[319,626,452],{"style":329},[319,628,460],{"style":329},[319,630,631],{"style":333},"{{ content 
}}",[319,633,591],{"style":329},[319,635,614],{"style":400},[319,637,460],{"style":329},[319,639,640,642,644],{"class":321,"style":322},[319,641,591],{"style":329},[319,643,604],{"style":400},[319,645,460],{"style":329},[310,647,649],{"language":648,"filename":46,"class":313,"tabindex":314},"tsx",[300,650,652,351,671,351,686,351,688,351,742,351,752],{"class":651},"language-tsx",[319,653,654,656,658,660,662,664,666,669],{"class":321,"style":322},[319,655,326],{"style":325},[319,657,330],{"style":329},[319,659,469],{"style":333},[319,661,337],{"style":329},[319,663,340],{"style":325},[319,665,343],{"style":329},[319,667,668],{"style":346},"@comark\u002Freact",[319,670,350],{"style":329},[319,672,673,675,677,679,681,684],{"class":321,"style":322},[319,674,326],{"style":325},[319,676,358],{"style":333},[319,678,361],{"style":325},[319,680,343],{"style":329},[319,682,683],{"style":346},"@comark\u002Freact\u002Fplugins\u002Fsecurity",[319,685,350],{"style":329},[319,687],{"class":321,"style":322},[319,689,690,692,695,698,701,704,706,708,710,713,715,717,719,721,723,725,727,729,731,734,736,739],{"class":321,"style":322},[319,691,438],{"style":329},[319,693,614],{"style":694},"color:#E2931D;--shiki-dark:#FFCB6B",[319,696,697],{"style":374}," plugins",[319,699,700],{"style":329},"={",[319,702,703],{"style":333},"[",[319,705,410],{"style":387},[319,707,516],{"style":333},[319,709,519],{"style":329},[319,711,712],{"style":400}," blockedTags",[319,714,404],{"style":329},[319,716,407],{"style":333},[319,718,350],{"style":329},[319,720,441],{"style":346},[319,722,350],{"style":329},[319,724,393],{"style":329},[319,726,343],{"style":329},[319,728,541],{"style":346},[319,730,350],{"style":329},[319,732,733],{"style":333},"] ",[319,735,418],{"style":329},[319,737,738],{"style":333},")]",[319,740,741],{"style":329},"}>",[319,743,744,747,750],{"class":321,"style":322},[319,745,746],{"style":329},"  
{",[319,748,749],{"style":333},"content",[319,751,418],{"style":329},[319,753,754,756,758],{"class":321,"style":322},[319,755,591],{"style":329},[319,757,614],{"style":694},[319,759,460],{"style":329},[761,762],"hr",{},[305,764,766],{"id":765},"features","Features",[296,768,769],{},"Several sanitizations are applied automatically and cannot be disabled:",[771,772,774],"h3",{"id":773},"features-event-handlers","Event Handlers",[296,776,777,778,781,782,785,786,785,789,785,792,795,796,798],{},"All ",[300,779,780],{},"on*"," attributes are stripped regardless of case — ",[300,783,784],{},"onclick",", ",[300,787,788],{},"onerror",[300,790,791],{},"onload",[300,793,794],{},"onmouseover",", and any other ",[300,797,780],{}," attribute.",[426,800,801,891],{},[310,802,805],{"language":803,"filename":804,"class":313,"tabindex":314},"html","Input",[300,806,808,351,849],{"class":807},"language-html",[319,809,810,812,815,818,820,822,825,827,829,832,834,836,838,840,843,845,847],{"class":321,"style":322},[319,811,438],{"style":329},[319,813,814],{"style":400},"div",[319,816,817],{"style":374}," onclick",[319,819,381],{"style":329},[319,821,452],{"style":329},[319,823,824],{"style":387},"alert",[319,826,516],{"style":346},[319,828,350],{"style":329},[319,830,831],{"style":346},"XSS",[319,833,350],{"style":329},[319,835,421],{"style":346},[319,837,452],{"style":329},[319,839,460],{"style":329},[319,841,842],{"style":333},"Click me",[319,844,591],{"style":329},[319,846,814],{"style":400},[319,848,460],{"style":329},[319,850,851,853,856,859,861,863,866,868,871,873,875,877,879,881,883,885,887,889],{"class":321,"style":322},[319,852,438],{"style":329},[319,854,855],{"style":400},"img",[319,857,858],{"style":374}," src",[319,860,381],{"style":329},[319,862,452],{"style":329},[319,864,865],{"style":346},"x",[319,867,452],{"style":329},[319,869,870],{"style":374}," 
onerror",[319,872,381],{"style":329},[319,874,452],{"style":329},[319,876,824],{"style":387},[319,878,516],{"style":346},[319,880,350],{"style":329},[319,882,831],{"style":346},[319,884,350],{"style":329},[319,886,421],{"style":346},[319,888,452],{"style":329},[319,890,460],{"style":329},[310,892,894],{"language":803,"filename":893,"class":313,"tabindex":314},"Output",[300,895,896,351,912],{"class":807},[319,897,898,900,902,904,906,908,910],{"class":321,"style":322},[319,899,438],{"style":329},[319,901,814],{"style":400},[319,903,460],{"style":329},[319,905,842],{"style":333},[319,907,591],{"style":329},[319,909,814],{"style":400},[319,911,460],{"style":329},[319,913,914,916,918,920,922,924,926,928],{"class":321,"style":322},[319,915,438],{"style":329},[319,917,855],{"style":400},[319,919,858],{"style":374},[319,921,381],{"style":329},[319,923,452],{"style":329},[319,925,865],{"style":346},[319,927,452],{"style":329},[319,929,460],{"style":329},[771,931,933],{"id":932},"features-dangerous-attributes","Dangerous Attributes",[296,935,936],{},"Attributes that can be abused regardless of value are always stripped:",[938,939,940,953],"table",{},[941,942,943],"thead",{},[944,945,946,950],"tr",{},[947,948,949],"th",{},"Attribute",[947,951,952],{},"Risk",[954,955,956,967],"tbody",{},[944,957,958,964],{},[959,960,961],"td",{},[300,962,963],{},"srcdoc",[959,965,966],{},"Can contain arbitrary HTML",[944,968,969,974],{},[959,970,971],{},[300,972,973],{},"formaction",[959,975,976],{},"Can redirect form submissions",[771,978,980],{"id":979},"features-protocol-blocking","Protocol Blocking",[296,982,983,986,987,990,991,995,996,999],{},[300,984,985],{},"href"," and ",[300,988,989],{},"src"," values are decoded (URL-encoded and HTML entity variants included) and checked against a hard-coded block list. 
These protocols are ",[992,993,994],"strong",{},"always"," blocked, even if ",[300,997,998],{},"allowedProtocols: ['*']"," is set:",[296,1001,1002,1005,1006,1005,1009,1005,1012,1005,1015,1005,1018,1005,1021,1005,1024],{},[300,1003,1004],{},"javascript:"," · ",[300,1007,1008],{},"vbscript:",[300,1010,1011],{},"data:text\u002Fhtml",[300,1013,1014],{},"data:text\u002Fjavascript",[300,1016,1017],{},"data:text\u002Fvbscript",[300,1019,1020],{},"data:text\u002Fcss",[300,1022,1023],{},"data:text\u002Fplain",[300,1025,1026],{},"data:text\u002Fxml",[426,1028,1029,1082],{},[310,1030,1031],{"language":803,"filename":804,"class":313,"tabindex":314},[300,1032,1033,351,1063],{"class":807},[319,1034,1035,1037,1040,1043,1045,1047,1050,1052,1054,1057,1059,1061],{"class":321,"style":322},[319,1036,438],{"style":329},[319,1038,1039],{"style":400},"a",[319,1041,1042],{"style":374}," href",[319,1044,381],{"style":329},[319,1046,452],{"style":329},[319,1048,1049],{"style":346},"javascript:alert('XSS')",[319,1051,452],{"style":329},[319,1053,460],{"style":329},[319,1055,1056],{"style":333},"Click",[319,1058,591],{"style":329},[319,1060,1039],{"style":400},[319,1062,460],{"style":329},[319,1064,1065,1067,1069,1071,1073,1075,1078,1080],{"class":321,"style":322},[319,1066,438],{"style":329},[319,1068,855],{"style":400},[319,1070,858],{"style":374},[319,1072,381],{"style":329},[319,1074,452],{"style":329},[319,1076,1077],{"style":346},"data:text\u002Fhtml,\u003Cscript>alert('XSS')\u003C\u002Fscript>",[319,1079,452],{"style":329},[319,1081,460],{"style":329},[310,1083,1084],{"language":803,"filename":893,"class":313,"tabindex":314},[300,1085,1086,351,1102],{"class":807},[319,1087,1088,1090,1092,1094,1096,1098,1100],{"class":321,"style":322},[319,1089,438],{"style":329},[319,1091,1039],{"style":400},[319,1093,460],{"style":329},[319,1095,1056],{"style":333},[319,1097,591],{"style":329},[319,1099,1039],{"style":400},[319,1101,460],{"style":329},[319,1103,1104,1106,1108],{"class":321,"style":322}
,[319,1105,438],{"style":329},[319,1107,855],{"style":400},[319,1109,460],{"style":329},[761,1111],{},[305,1113,1115],{"id":1114},"api","API",[771,1117,1119],{"id":1118},"api-code-securityoptions",[300,1120,1121],{},"security(options?)",[296,1123,1124,1125,1128],{},"Returns a ",[300,1126,1127],{},"ComarkPlugin"," that sanitizes the parsed AST.",[296,1130,1131],{},[992,1132,1133],{},"Parameters:",[1135,1136,1137],"ul",{},[1138,1139,1140,1143,1144],"li",{},[300,1141,1142],{},"options?"," - Optional configuration — see ",[1039,1145,1147],{"href":1146},"#options","Options",[296,1149,1150,1153,1154],{},[992,1151,1152],{},"Returns:"," ",[300,1155,1127],{},[761,1157],{},[305,1159,1147],{"id":1160},"options",[938,1162,1163,1179],{},[941,1164,1165],{},[944,1166,1167,1170,1173,1176],{},[947,1168,1169],{},"Option",[947,1171,1172],{},"Type",[947,1174,1175],{},"Default",[947,1177,1178],{},"Description",[954,1180,1181,1204,1230,1253,1275,1298],{},[944,1182,1183,1191,1196,1201],{},[959,1184,1185],{},[1039,1186,1188],{"href":1187},"#code-blockedtags",[300,1189,1190],{},"blockedTags",[959,1192,1193],{},[300,1194,1195],{},"string[]",[959,1197,1198],{},[300,1199,1200],{},"[]",[959,1202,1203],{},"Tag names to remove entirely from the AST",[944,1205,1206,1214,1218,1223],{},[959,1207,1208],{},[1039,1209,1211],{"href":1210},"#code-allowedprotocols",[300,1212,1213],{},"allowedProtocols",[959,1215,1216],{},[300,1217,1195],{},[959,1219,1220],{},[300,1221,1222],{},"['*']",[959,1224,1225,1226,986,1228],{},"Protocols permitted in ",[300,1227,985],{},[300,1229,989],{},[944,1231,1232,1240,1244,1248],{},[959,1233,1234],{},[1039,1235,1237],{"href":1236},"#code-allowedlinkprefixes",[300,1238,1239],{},"allowedLinkPrefixes",[959,1241,1242],{},[300,1243,1195],{},[959,1245,1246],{},[300,1247,1222],{},[959,1249,1250,1251],{},"URL prefixes permitted in 
",[300,1252,985],{},[944,1254,1255,1263,1267,1271],{},[959,1256,1257],{},[1039,1258,1260],{"href":1259},"#code-allowedimageprefixes",[300,1261,1262],{},"allowedImagePrefixes",[959,1264,1265],{},[300,1266,1195],{},[959,1268,1269],{},[300,1270,1222],{},[959,1272,1250,1273],{},[300,1274,989],{},[944,1276,1277,1285,1290,1295],{},[959,1278,1279],{},[1039,1280,1282],{"href":1281},"#code-defaultorigin",[300,1283,1284],{},"defaultOrigin",[959,1286,1287],{},[300,1288,1289],{},"string",[959,1291,1292],{},[300,1293,1294],{},"undefined",[959,1296,1297],{},"Rewrite disallowed URLs to this origin instead of stripping",[944,1299,1300,1308,1313,1318],{},[959,1301,1302],{},[1039,1303,1305],{"href":1304},"#code-allowdataimages",[300,1306,1307],{},"allowDataImages",[959,1309,1310],{},[300,1311,1312],{},"boolean",[959,1314,1315],{},[300,1316,1317],{},"true",[959,1319,1320,1321,1324,1325],{},"Allow ",[300,1322,1323],{},"data:image\u002F*"," URIs in ",[300,1326,989],{},[771,1328,1330],{"id":1329},"options-code-blockedtags",[300,1331,1190],{},[296,1333,1334,1335,785,1338,1341,1342,1344],{},"Tag names to completely remove from the AST. 
Matching is case-insensitive, so ",[300,1336,1337],"SCRIPT",[300,1339,1340],"Script",", and ",[300,1343,441]," are all caught. The default is an empty list, so this option removes no tags until you name them.",[310,1346,1347],{"language":312,"class":313,"tabindex":314},[300,1348,1349,351,1357,351,1418],{"class":317},[319,1350,1351,1353,1355],{"class":321,"style":322},[319,1352,410],{"style":387},[319,1354,516],{"style":333},[319,1356,519],{"style":329},[319,1358,1359,1362,1364,1366,1368,1370,1372,1374,1376,1378,1380,1382,1384,1387,1389,1391,1393,1396,1398,1400,1402,1405,1407,1409,1411,1414,1416],{"class":321,"style":322},[319,1360,1361],{"style":400},"  blockedTags",[319,1363,404],{"style":329},[319,1365,407],{"style":333},[319,1367,350],{"style":329},[319,1369,441],{"style":346},[319,1371,350],{"style":329},[319,1373,393],{"style":329},[319,1375,343],{"style":329},[319,1377,541],{"style":346},[319,1379,350],{"style":329},[319,1381,393],{"style":329},[319,1383,343],{"style":329},[319,1385,1386],{"style":346},"object",[319,1388,350],{"style":329},[319,1390,393],{"style":329},[319,1392,343],{"style":329},[319,1394,1395],{"style":346},"embed",[319,1397,350],{"style":329},[319,1399,393],{"style":329},[319,1401,343],{"style":329},[319,1403,1404],{"style":346},"link",[319,1406,350],{"style":329},[319,1408,393],{"style":329},[319,1410,343],{"style":329},[319,1412,1413],{"style":346},"style",[319,1415,350],{"style":329},[319,1417,546],{"style":333},[319,1419,1420,1422],{"class":321,"style":322},[319,1421,418],{"style":329},[319,1423,421],{"style":333},[938,1425,1426,1435],{},[941,1427,1428],{},[944,1429,1430,1433],{},[947,1431,1432],{},"Tag",[947,1434,952],{},[954,1436,1437,1446,1455,1464,1475,1484,1496,1506],{},[944,1438,1439,1443],{},[959,1440,1441],{},[300,1442,441],{},[959,1444,1445],{},"JavaScript execution",[944,1447,1448,1452],{},[959,1449,1450],{},[300,1451,541],{},[959,1453,1454],{},"Loads external content",[944,1456,1457,1461],{},[959,1458,1459],{},[300,1460,1386],{},[959,1462,1463],{},"Embeds plugins or 
Flash",[944,1465,1466,1470],{},[959,1467,1468],{},[300,1469,1395],{},[959,1471,1472,1473],{},"Similar to ",[300,1474,1386],{},[944,1476,1477,1481],{},[959,1478,1479],{},[300,1480,1404],{},[959,1482,1483],{},"Loads external stylesheets",[944,1485,1486,1490],{},[959,1487,1488],{},[300,1489,1413],{},[959,1491,1492,1493,1495],{},"CSS with ",[300,1494,1004],{}," expressions",[944,1497,1498,1503],{},[959,1499,1500],{},[300,1501,1502],{},"base",[959,1504,1505],{},"Changes base URL for relative links",[944,1507,1508,1513],{},[959,1509,1510],{},[300,1511,1512],{},"meta",[959,1514,1515],{},"HTTP refresh \u002F redirect",[771,1517,1519],{"id":1518},"options-code-allowedprotocols",[300,1520,1213],{},[296,1522,1523,1524,986,1526,1528,1529,1531],{},"Restricts which URL protocols are permitted in ",[300,1525,985],{},[300,1527,989],{}," attributes. Use ",[300,1530,1222],{}," to allow all protocols not already on the hard-coded block list.",[310,1533,1534],{"language":312,"class":313,"tabindex":314},[300,1535,1536,351,1544,351,1569],{"class":317},[319,1537,1538,1540,1542],{"class":321,"style":322},[319,1539,410],{"style":387},[319,1541,516],{"style":333},[319,1543,519],{"style":329},[319,1545,1546,1549,1551,1553,1555,1557,1559,1561,1563,1565,1567],{"class":321,"style":322},[319,1547,1548],{"style":400},"  allowedProtocols",[319,1550,404],{"style":329},[319,1552,407],{"style":333},[319,1554,350],{"style":329},[319,1556,562],{"style":346},[319,1558,350],{"style":329},[319,1560,393],{"style":329},[319,1562,343],{"style":329},[319,1564,571],{"style":346},[319,1566,350],{"style":329},[319,1568,546],{"style":333},[319,1570,1571,1573],{"class":321,"style":322},[319,1572,418],{"style":329},[319,1574,421],{"style":333},[1576,1577,1578,1579,785,1581,785,1583,1586,1587,1590,1591,1593],"warning",{},"The hard-coded unsafe protocols (",[300,1580,1004],{},[300,1582,1008],{},[300,1584,1585],{},"data:text\u002F*",") are a floor that cannot be overridden — even 
",[300,1588,1589],{},"allowedProtocols: ['javascript']"," will not unblock ",[300,1592,1004],{}," URLs.",[771,1595,1597],{"id":1596},"options-code-allowedlinkprefixes",[300,1598,1239],{},[296,1600,1601,1602,1604,1605,785,1608,1611],{},"Restricts which URLs are allowed in ",[300,1603,985],{}," attributes. Relative URLs (starting with ",[300,1606,1607],{},"\u002F",[300,1609,1610],{},"#",", etc.) are always allowed regardless of this setting.",[296,1613,1614,1615,1617],{},"When a URL does not match any prefix and ",[300,1616,1284],{}," is set, the URL is rewritten instead of stripped.",[310,1619,1620],{"language":312,"class":313,"tabindex":314},[300,1621,1622,351,1630,351,1657],{"class":317},[319,1623,1624,1626,1628],{"class":321,"style":322},[319,1625,410],{"style":387},[319,1627,516],{"style":333},[319,1629,519],{"style":329},[319,1631,1632,1635,1637,1639,1641,1644,1646,1648,1650,1653,1655],{"class":321,"style":322},[319,1633,1634],{"style":400},"  allowedLinkPrefixes",[319,1636,404],{"style":329},[319,1638,407],{"style":333},[319,1640,350],{"style":329},[319,1642,1643],{"style":346},"https:\u002F\u002Fmyapp.com",[319,1645,350],{"style":329},[319,1647,393],{"style":329},[319,1649,343],{"style":329},[319,1651,1652],{"style":346},"https:\u002F\u002Fdocs.myapp.com",[319,1654,350],{"style":329},[319,1656,546],{"style":333},[319,1658,1659,1661],{"class":321,"style":322},[319,1660,418],{"style":329},[319,1662,421],{"style":333},[771,1664,1666],{"id":1665},"options-code-allowedimageprefixes",[300,1667,1262],{},[296,1669,1670,1671,1673,1674,1676],{},"Same as ",[300,1672,1239],{}," but applies to ",[300,1675,989],{}," attributes only. 
The two options are checked independently — restricting one does not affect the other.",[310,1678,1679],{"language":312,"class":313,"tabindex":314},[300,1680,1681,351,1689,351,1707],{"class":317},[319,1682,1683,1685,1687],{"class":321,"style":322},[319,1684,410],{"style":387},[319,1686,516],{"style":333},[319,1688,519],{"style":329},[319,1690,1691,1694,1696,1698,1700,1703,1705],{"class":321,"style":322},[319,1692,1693],{"style":400},"  allowedImagePrefixes",[319,1695,404],{"style":329},[319,1697,407],{"style":333},[319,1699,350],{"style":329},[319,1701,1702],{"style":346},"https:\u002F\u002Fcdn.myapp.com",[319,1704,350],{"style":329},[319,1706,546],{"style":333},[319,1708,1709,1711],{"class":321,"style":322},[319,1710,418],{"style":329},[319,1712,421],{"style":333},[771,1714,1716],{"id":1715},"options-code-defaultorigin",[300,1717,1284],{},[296,1719,1720,1721,1723,1724,1726],{},"When a URL fails the ",[300,1722,1239],{}," or ",[300,1725,1262],{}," check, it is rewritten to use this origin instead of being stripped. 
The path, query, and fragment of the original URL are preserved, so the rewritten URL still delivers untrusted path and query values to this origin; routes there should not change state or redirect based on them.",[310,1728,1729],{"language":312,"class":313,"tabindex":314},[300,1730,1731,351,1739,351,1757,351,1770,351,1776],{"class":317},[319,1732,1733,1735,1737],{"class":321,"style":322},[319,1734,410],{"style":387},[319,1736,516],{"style":333},[319,1738,519],{"style":329},[319,1740,1741,1743,1745,1747,1749,1751,1753,1755],{"class":321,"style":322},[319,1742,1634],{"style":400},[319,1744,404],{"style":329},[319,1746,407],{"style":333},[319,1748,350],{"style":329},[319,1750,1643],{"style":346},[319,1752,350],{"style":329},[319,1754,546],{"style":333},[319,1756,393],{"style":329},[319,1758,1759,1762,1764,1766,1768],{"class":321,"style":322},[319,1760,1761],{"style":400},"  defaultOrigin",[319,1763,404],{"style":329},[319,1765,343],{"style":329},[319,1767,1643],{"style":346},[319,1769,350],{"style":329},[319,1771,1772,1774],{"class":321,"style":322},[319,1773,418],{"style":329},[319,1775,421],{"style":333},[319,1777,1778],{"class":321,"style":322},[319,1779,1781],{"style":1780},"color:#90A4AE;--shiki-light-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic","\u002F\u002F https:\u002F\u002Fevil.com\u002Fpath → https:\u002F\u002Fmyapp.com\u002Fpath",[771,1783,1785],{"id":1784},"options-code-allowdataimages",[300,1786,1307],{},[296,1788,1789,1790,1792,1793,1795,1796,1799],{},"Controls whether ",[300,1791,1323],{}," URIs are allowed in ",[300,1794,989],{}," attributes. 
Set to ",[300,1797,1798],{},"false"," to block base64-encoded images, which can be used as tracking pixels or embedded payloads.",[310,1801,1802],{"language":312,"class":313,"tabindex":314},[300,1803,1804,351,1812,351,1823],{"class":317},[319,1805,1806,1808,1810],{"class":321,"style":322},[319,1807,410],{"style":387},[319,1809,516],{"style":333},[319,1811,519],{"style":329},[319,1813,1814,1817,1819],{"class":321,"style":322},[319,1815,1816],{"style":400},"  allowDataImages",[319,1818,404],{"style":329},[319,1820,1822],{"style":1821},"color:#FF5370;--shiki-dark:#FF9CAC"," false",[319,1824,1825,1827],{"class":321,"style":322},[319,1826,418],{"style":329},[319,1828,421],{"style":333},[1830,1831,1832,1834,1835,1837],"tip",{},[300,1833,1585],{}," variants in ",[300,1836,985],{}," are always blocked by the hard-coded protocol list regardless of this setting.",[761,1839],{},[305,1841,5],{"id":7},[771,1843,1845],{"id":1844},"examples-user-generated-content","User-Generated Content",[296,1847,1848],{},"The most common use case — lock down everything that could execute code or phone 
home:",[310,1850,1851],{"language":312,"class":313,"tabindex":314},[300,1852,1853,351,1871,351,1885,351,1887,351,1906,351,1914,351,1923,351,1982,351,2009,351,2018,351,2025,351,2030],{"class":317},[319,1854,1855,1857,1859,1861,1863,1865,1867,1869],{"class":321,"style":322},[319,1856,326],{"style":325},[319,1858,330],{"style":329},[319,1860,334],{"style":333},[319,1862,337],{"style":329},[319,1864,340],{"style":325},[319,1866,343],{"style":329},[319,1868,347],{"style":346},[319,1870,350],{"style":329},[319,1872,1873,1875,1877,1879,1881,1883],{"class":321,"style":322},[319,1874,326],{"style":325},[319,1876,358],{"style":333},[319,1878,361],{"style":325},[319,1880,343],{"style":329},[319,1882,302],{"style":346},[319,1884,350],{"style":329},[319,1886],{"class":321,"style":322},[319,1888,1889,1891,1893,1895,1897,1899,1902,1904],{"class":321,"style":322},[319,1890,375],{"style":374},[319,1892,378],{"style":333},[319,1894,381],{"style":329},[319,1896,384],{"style":325},[319,1898,334],{"style":387},[319,1900,1901],{"style":333},"(userInput",[319,1903,393],{"style":329},[319,1905,330],{"style":329},[319,1907,1908,1910,1912],{"class":321,"style":322},[319,1909,401],{"style":400},[319,1911,404],{"style":329},[319,1913,407],{"style":333},[319,1915,1916,1919,1921],{"class":321,"style":322},[319,1917,1918],{"style":387},"    security",[319,1920,516],{"style":333},[319,1922,519],{"style":329},[319,1924,1925,1928,1930,1932,1934,1936,1938,1940,1942,1944,1946,1948,1950,1952,1954,1956,1958,1960,1962,1964,1966,1968,1970,1972,1974,1976,1978,1980],{"class":321,"style":322},[319,1926,1927],{"style":400},"      
blockedTags",[319,1929,404],{"style":329},[319,1931,407],{"style":333},[319,1933,350],{"style":329},[319,1935,441],{"style":346},[319,1937,350],{"style":329},[319,1939,393],{"style":329},[319,1941,343],{"style":329},[319,1943,541],{"style":346},[319,1945,350],{"style":329},[319,1947,393],{"style":329},[319,1949,343],{"style":329},[319,1951,1386],{"style":346},[319,1953,350],{"style":329},[319,1955,393],{"style":329},[319,1957,343],{"style":329},[319,1959,1395],{"style":346},[319,1961,350],{"style":329},[319,1963,393],{"style":329},[319,1965,343],{"style":329},[319,1967,1404],{"style":346},[319,1969,350],{"style":329},[319,1971,393],{"style":329},[319,1973,343],{"style":329},[319,1975,1413],{"style":346},[319,1977,350],{"style":329},[319,1979,546],{"style":333},[319,1981,393],{"style":329},[319,1983,1984,1987,1989,1991,1993,1995,1997,1999,2001,2003,2005,2007],{"class":321,"style":322},[319,1985,1986],{"style":400},"      allowedProtocols",[319,1988,404],{"style":329},[319,1990,407],{"style":333},[319,1992,350],{"style":329},[319,1994,562],{"style":346},[319,1996,350],{"style":329},[319,1998,393],{"style":329},[319,2000,343],{"style":329},[319,2002,571],{"style":346},[319,2004,350],{"style":329},[319,2006,546],{"style":333},[319,2008,393],{"style":329},[319,2010,2011,2014,2016],{"class":321,"style":322},[319,2012,2013],{"style":400},"      allowDataImages",[319,2015,404],{"style":329},[319,2017,1822],{"style":1821},[319,2019,2020,2023],{"class":321,"style":322},[319,2021,2022],{"style":329},"    }",[319,2024,421],{"style":333},[319,2026,2027],{"class":321,"style":322},[319,2028,2029],{"style":333},"  ]",[319,2031,2032,2034],{"class":321,"style":322},[319,2033,418],{"style":329},[319,2035,421],{"style":333},[771,2037,2039],{"id":2038},"examples-restrict-links-to-your-domain","Restrict Links to Your Domain",[296,2041,2042],{},"Keep all links and images within your own infrastructure, rewriting external URLs instead of stripping 
them:",[310,2044,2045],{"language":312,"class":313,"tabindex":314},[300,2046,2047,351,2055,351,2081,351,2099,351,2111],{"class":317},[319,2048,2049,2051,2053],{"class":321,"style":322},[319,2050,410],{"style":387},[319,2052,516],{"style":333},[319,2054,519],{"style":329},[319,2056,2057,2059,2061,2063,2065,2067,2069,2071,2073,2075,2077,2079],{"class":321,"style":322},[319,2058,1634],{"style":400},[319,2060,404],{"style":329},[319,2062,407],{"style":333},[319,2064,350],{"style":329},[319,2066,1643],{"style":346},[319,2068,350],{"style":329},[319,2070,393],{"style":329},[319,2072,343],{"style":329},[319,2074,1652],{"style":346},[319,2076,350],{"style":329},[319,2078,546],{"style":333},[319,2080,393],{"style":329},[319,2082,2083,2085,2087,2089,2091,2093,2095,2097],{"class":321,"style":322},[319,2084,1693],{"style":400},[319,2086,404],{"style":329},[319,2088,407],{"style":333},[319,2090,350],{"style":329},[319,2092,1702],{"style":346},[319,2094,350],{"style":329},[319,2096,546],{"style":333},[319,2098,393],{"style":329},[319,2100,2101,2103,2105,2107,2109],{"class":321,"style":322},[319,2102,1761],{"style":400},[319,2104,404],{"style":329},[319,2106,343],{"style":329},[319,2108,1643],{"style":346},[319,2110,350],{"style":329},[319,2112,2113,2115],{"class":321,"style":322},[319,2114,418],{"style":329},[319,2116,421],{"style":333},[771,2118,2120],{"id":2119},"examples-block-external-images","Block External Images",[296,2122,2123],{},"Prevent tracking pixels and externally-hosted images while keeping everything else 
permissive:",[310,2125,2126],{"language":312,"class":313,"tabindex":314},[300,2127,2128,351,2136,351,2154,351,2162],{"class":317},[319,2129,2130,2132,2134],{"class":321,"style":322},[319,2131,410],{"style":387},[319,2133,516],{"style":333},[319,2135,519],{"style":329},[319,2137,2138,2140,2142,2144,2146,2148,2150,2152],{"class":321,"style":322},[319,2139,1693],{"style":400},[319,2141,404],{"style":329},[319,2143,407],{"style":333},[319,2145,350],{"style":329},[319,2147,1702],{"style":346},[319,2149,350],{"style":329},[319,2151,546],{"style":333},[319,2153,393],{"style":329},[319,2155,2156,2158,2160],{"class":321,"style":322},[319,2157,1816],{"style":400},[319,2159,404],{"style":329},[319,2161,1822],{"style":1821},[319,2163,2164,2166],{"class":321,"style":322},[319,2165,418],{"style":329},[319,2167,421],{"style":333},[761,2169],{},[305,2171,2173],{"id":2172},"best-practices","Best Practices",[771,2175,2177],{"id":2176},"best-practices-block-tags-not-just-attributes","Block tags, not just attributes",[296,2179,2180,2181,2184,2185,785,2188,785,2191,785,2194,1341,2197,2200],{},"Blocking only ",[300,2182,2183],{},"\u003Cscript>"," may not be enough — ",[300,2186,2187],{},"\u003Ciframe>",[300,2189,2190],{},"\u003Cobject>",[300,2192,2193],{},"\u003Cembed>",[300,2195,2196],{},"\u003Clink>",[300,2198,2199],{},"\u003Cstyle>"," can also execute or load external content:",[310,2202,2203],{"language":312,"class":313,"tabindex":314},[300,2204,2205,351,2210,351,2218,351,2274,351,2280,351,2282,351,2287,351,2295,351,2311],{"class":317},[319,2206,2207],{"class":321,"style":322},[319,2208,2209],{"style":1780},"\u002F\u002F ✅ More 
thorough",[319,2211,2212,2214,2216],{"class":321,"style":322},[319,2213,410],{"style":387},[319,2215,516],{"style":333},[319,2217,519],{"style":329},[319,2219,2220,2222,2224,2226,2228,2230,2232,2234,2236,2238,2240,2242,2244,2246,2248,2250,2252,2254,2256,2258,2260,2262,2264,2266,2268,2270,2272],{"class":321,"style":322},[319,2221,1361],{"style":400},[319,2223,404],{"style":329},[319,2225,407],{"style":333},[319,2227,350],{"style":329},[319,2229,441],{"style":346},[319,2231,350],{"style":329},[319,2233,393],{"style":329},[319,2235,343],{"style":329},[319,2237,541],{"style":346},[319,2239,350],{"style":329},[319,2241,393],{"style":329},[319,2243,343],{"style":329},[319,2245,1386],{"style":346},[319,2247,350],{"style":329},[319,2249,393],{"style":329},[319,2251,343],{"style":329},[319,2253,1395],{"style":346},[319,2255,350],{"style":329},[319,2257,393],{"style":329},[319,2259,343],{"style":329},[319,2261,1404],{"style":346},[319,2263,350],{"style":329},[319,2265,393],{"style":329},[319,2267,343],{"style":329},[319,2269,1413],{"style":346},[319,2271,350],{"style":329},[319,2273,546],{"style":333},[319,2275,2276,2278],{"class":321,"style":322},[319,2277,418],{"style":329},[319,2279,421],{"style":333},[319,2281],{"class":321,"style":322},[319,2283,2284],{"class":321,"style":322},[319,2285,2286],{"style":1780},"\u002F\u002F ⚠️ Incomplete",[319,2288,2289,2291,2293],{"class":321,"style":322},[319,2290,410],{"style":387},[319,2292,516],{"style":333},[319,2294,519],{"style":329},[319,2296,2297,2299,2301,2303,2305,2307,2309],{"class":321,"style":322},[319,2298,1361],{"style":400},[319,2300,404],{"style":329},[319,2302,407],{"style":333},[319,2304,350],{"style":329},[319,2306,441],{"style":346},[319,2308,350],{"style":329},[319,2310,546],{"style":333},[319,2312,2313,2315],{"class":321,"style":322},[319,2314,418],{"style":329},[319,2316,421],{"style":333},[771,2318,2320],{"id":2319},"best-practices-sanitize-before-storage","Sanitize before storage",[296,2322,2323],{},"Sanitizing 
at parse time on read means malicious content already made it into the database. Sanitize before writing instead:",[310,2325,2326],{"language":312,"class":313,"tabindex":314},[300,2327,2328,351,2333,351,2358,351,2381,351,2422,351,2428,351,2462],{"class":317},[319,2329,2330],{"class":321,"style":322},[319,2331,2332],{"style":1780},"\u002F\u002F ✅ Sanitize before storing",[319,2334,2335,2338,2341,2344,2346,2349,2351,2354,2356],{"class":321,"style":322},[319,2336,2337],{"style":374},"async",[319,2339,2340],{"style":374}," function",[319,2342,2343],{"style":387}," saveArticle",[319,2345,516],{"style":329},[319,2347,749],{"style":2348},"color:#90A4AE;--shiki-light-font-style:italic;--shiki-dark:#BABED8;--shiki-dark-font-style:italic",[319,2350,404],{"style":329},[319,2352,2353],{"style":694}," string",[319,2355,421],{"style":329},[319,2357,330],{"style":329},[319,2359,2360,2363,2366,2369,2371,2373,2375,2377,2379],{"class":321,"style":322},[319,2361,2362],{"style":374},"  const",[319,2364,2365],{"style":333}," sanitized",[319,2367,2368],{"style":329}," =",[319,2370,384],{"style":325},[319,2372,334],{"style":387},[319,2374,516],{"style":400},[319,2376,749],{"style":333},[319,2378,393],{"style":329},[319,2380,330],{"style":329},[319,2382,2383,2386,2388,2390,2392,2394,2396,2398,2400,2402,2404,2406,2408,2410,2412,2414,2416,2418,2420],{"class":321,"style":322},[319,2384,2385],{"style":400},"    
plugins",[319,2387,404],{"style":329},[319,2389,407],{"style":400},[319,2391,410],{"style":387},[319,2393,516],{"style":400},[319,2395,519],{"style":329},[319,2397,712],{"style":400},[319,2399,404],{"style":329},[319,2401,407],{"style":400},[319,2403,350],{"style":329},[319,2405,441],{"style":346},[319,2407,350],{"style":329},[319,2409,393],{"style":329},[319,2411,343],{"style":329},[319,2413,541],{"style":346},[319,2415,350],{"style":329},[319,2417,733],{"style":400},[319,2419,418],{"style":329},[319,2421,738],{"style":400},[319,2423,2424,2426],{"class":321,"style":322},[319,2425,580],{"style":329},[319,2427,421],{"style":400},[319,2429,2430,2433,2436,2439,2442,2444,2447,2449,2451,2454,2456,2458,2460],{"class":321,"style":322},[319,2431,2432],{"style":325},"  await",[319,2434,2435],{"style":333}," db",[319,2437,2438],{"style":329},".",[319,2440,2441],{"style":333},"articles",[319,2443,2438],{"style":329},[319,2445,2446],{"style":387},"create",[319,2448,516],{"style":400},[319,2450,519],{"style":329},[319,2452,2453],{"style":400}," content",[319,2455,404],{"style":329},[319,2457,2365],{"style":333},[319,2459,337],{"style":329},[319,2461,421],{"style":400},[319,2463,2464],{"class":321,"style":322},[319,2465,418],{"style":329},[771,2467,2469],{"id":2468},"best-practices-pair-with-a-content-security-policy","Pair with a Content Security Policy",[296,2471,2472],{},"The plugin sanitizes the AST, but a CSP header adds a second line of defense in the browser:",[310,2474,2475],{"language":312,"class":313,"tabindex":314},[300,2476,2477,351,2482,351,2494,351,2506,351,2516],{"class":317},[319,2478,2479],{"class":321,"style":322},[319,2480,2481],{"style":1780},"\u002F\u002F Express.js",[319,2483,2484,2487,2489,2492],{"class":321,"style":322},[319,2485,2486],{"style":333},"res",[319,2488,2438],{"style":329},[319,2490,2491],{"style":387},"setHeader",[319,2493,516],{"style":333},[319,2495,2496,2499,2502,2504],{"class":321,"style":322},[319,2497,2498],{"style":329},"  
'",[319,2500,2501],{"style":346},"Content-Security-Policy",[319,2503,350],{"style":329},[319,2505,393],{"style":329},[319,2507,2508,2511,2514],{"class":321,"style":322},[319,2509,2510],{"style":329},"  \"",[319,2512,2513],{"style":346},"default-src 'self'; script-src 'none';",[319,2515,452],{"style":329},[319,2517,2518],{"class":321,"style":322},[319,2519,421],{"style":333},[1830,2521,2522,2523,2526],{},"The plugin runs during the ",[300,2524,2525],{},"post"," phase and traverses the AST once — O(n) in the number of nodes, with no impact on render time.",{"title":2528,"searchDepth":2529,"depth":2529,"links":2530},"",2,[2531,2532,2538,2541,2549,2554],{"id":307,"depth":2529,"text":308},{"id":765,"depth":2529,"text":766,"children":2533},[2534,2536,2537],{"id":773,"depth":2535,"text":774},3,{"id":932,"depth":2535,"text":933},{"id":979,"depth":2535,"text":980},{"id":1114,"depth":2529,"text":1115,"children":2539},[2540],{"id":1118,"depth":2535,"text":1121},{"id":1160,"depth":2529,"text":1147,"children":2542},[2543,2544,2545,2546,2547,2548],{"id":1329,"depth":2535,"text":1190},{"id":1518,"depth":2535,"text":1213},{"id":1596,"depth":2535,"text":1239},{"id":1665,"depth":2535,"text":1262},{"id":1715,"depth":2535,"text":1284},{"id":1784,"depth":2535,"text":1307},{"id":7,"depth":2529,"text":5,"children":2550},[2551,2552,2553],{"id":1844,"depth":2535,"text":1845},{"id":2038,"depth":2535,"text":2039},{"id":2119,"depth":2535,"text":2120},{"id":2172,"depth":2529,"text":2173,"children":2555},[2556,2557,2558],{"id":2176,"depth":2535,"text":2177},{"id":2319,"depth":2535,"text":2320},{"id":2468,"depth":2535,"text":2469},"Sanitize the parsed AST by removing dangerous elements, blocking malicious protocols, and restricting link 
destinations.","md",[2562,2565],{"label":257,"icon":44,"to":258,"color":2563,"variant":2564},"neutral","soft",{"label":61,"icon":160,"to":161,"color":2563,"variant":2564},{"data":2567},{"title":170,"description":2559,"seo":2568,"navigation":2570,"links":2571},{"title":2569,"description":2559},"Security Sanitization Plugin",{"icon":173},[2572,2573],{"label":257,"icon":44,"to":258,"color":2563,"variant":2564},{"label":61,"icon":160,"to":161,"color":2563,"variant":2564},{"icon":173},{"title":2569,"description":2559},"D0RyWdxjEcF1-lFPaNeT3TvHc2YAjEiIczZSsn0lnVU",[2578,2580],{"title":155,"path":156,"stem":157,"description":2579,"icon":158,"children":-1},"Render Comark content as styled terminal output using ANSI escape codes — perfect for CLIs, scripts, and developer tooling.",{"title":175,"path":176,"stem":177,"description":2581,"icon":178,"children":-1},"Convert emoji shortcodes like :smile: into emoji characters.",1776872699459]