Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
openclaw/ui/src/markdown-it-task-lists.d.ts
zhangfan49 6aeedeb401 fix(ui): replace marked.js with markdown-it to fix ReDoS UI freeze 
Replace marked.js with markdown-it to eliminate ReDoS vulnerability (#36213).

Behavior remains consistent with original marked.js except for task lists
(- [ ] / - [x]) which now render as checkboxes via markdown-it-task-lists.

To preserve marked.js behavior:
- Enable GFM strikethrough (~~text~~)
- Disable fuzzyLink to avoid auto-linking bare filenames like README.md
- Add www. autolink validator per GFM spec (trailing punctuation, balanced parens)
- Override html_block/html_inline to escape raw HTML
- Override image renderer: alt text for remote URLs, allow base64 data URIs
- Override fence/code_block: copy button and JSON collapse
- Dangerous schemes (javascript:, vbscript:, file:) sanitized by DOMPurify

New: task-list checkbox styling for .chat-text, .sidebar-markdown, .chat-thinking

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-21 14:03:49 +08:00

11 lines
289 B
TypeScript
Raw Blame History

declare module "markdown-it-task-lists" {
import type MarkdownIt from "markdown-it";
interface TaskListsOptions {
enabled?: boolean;
label?: boolean;
labelAfter?: boolean;
}
const plugin: (md: MarkdownIt, options?: TaskListsOptions) => void;
export default plugin;
}
Reference in New Issue View Git Blame Copy Permalink