or run

tessl search

tessl/npm-marked

tessl install tessl/npm-marked@17.0.0

A markdown parser built for speed

Security Guide

Best practices for secure markdown parsing.

Critical: No HTML Sanitization

Marked does NOT sanitize HTML output. Always use a sanitization library.

import { marked } from "marked";
import DOMPurify from "dompurify";

// UNSAFE
const unsafeHtml = marked.parse(userInput);

// SAFE
const dirty = marked.parse(userInput);
const clean = DOMPurify.sanitize(dirty);

Recommended Sanitization Libraries

DOMPurify - Most comprehensive
sanitize-html - Configurable
js-xss - Lightweight

Additional Security Measures

Validate and limit file sizes
Implement rate limiting for user input
Use Content Security Policy (CSP) headers
Disable dangerous markdown features if not needed

XSS Prevention

import { marked } from "marked";
import DOMPurify from "dompurify";

function safeRender(markdown) {
  const html = marked.parse(markdown);
  return DOMPurify.sanitize(html, {
    ALLOWED_TAGS: ['p', 'strong', 'em', 'a', 'ul', 'ol', 'li'],
    ALLOWED_ATTR: ['href']
  });
}

Version

tessl/npm-marked

security.mddocs/guides/

Security Guide

Critical: No HTML Sanitization

Recommended Sanitization Libraries

Additional Security Measures

XSS Prevention

Version

tessl/npm-marked

security.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}docs/guides/

Security Guide

Critical: No HTML Sanitization

Recommended Sanitization Libraries

Additional Security Measures

XSS Prevention

security.mddocs/guides/