+1 for react-markdown. We use it in our vscode ballerina extension to render markdown documentation. Its customizable and easy to use.
Regarding XSS, by default react-markdown escapes all html within markdown. But this is customizable, we can allow only a selected set of html elements. On Thu, Oct 25, 2018 at 4:25 PM Kasun Thennakoon <kasu...@wso2.com> wrote: > Hi Chamin, > > I think most of these libraries are for viewing the markdown source, for > the In-line Documents we need to have a markdown editor as well. In the > *react-markdown > *demo, they have used codemirro > <https://github.com/rexxars/react-markdown/blob/master/demo/src/codemirror.js> > as the editor there. So are we going to use codemirro as the editor as well > ? > > As an addition to the above library list, I found this(react-mde) > library[1] for editing the markdown source (it use Draft.js), And it has a > viewing component as well (Using showdown JS > <https://github.com/showdownjs/showdown>). > But in *react-mde *they have raised a concern about XSS Vulnerability[2], > and have provided instruction to mitigate it[3]. > > IMHO we need to check the possibility of XSS in above libraries as well. > > [1]: https://github.com/andrerpena/react-mde > [2]: https://github.com/andrerpena/react-mde#xss-concerns > [3]: > https://github.com/showdownjs/showdown/wiki/Markdown's-XSS-Vulnerability-(and-how-to-mitigate-it) > > On Thu, Oct 25, 2018 at 11:47 AM Chamin Dias <cham...@wso2.com> wrote: > >> >> >> On Thu, Oct 25, 2018 at 3:14 PM, Chamin Dias <cham...@wso2.com> wrote: >> >>> Hi all, >>> >>> We are in the process of doing $subject. We came across few (possible) >>> libraries to fulfill the requirement. >>> >>> Here is the summary of each library (as at 2018/10/25). >>> >>> >>> *Option 1 : react-markdown* >>> >>> URL : https://github.com/rexxars/react-markdown >>> Stars : 2730 >>> Fork count : 276 >>> Last commit : 14 days ago >>> >>> >>> *Option 2 : markdown-react-js* >>> >>> URL : https://github.com/alexkuz/markdown-react-js >>> Stars : 95 >>> Fork count : 17 >>> Last commit : 10 months ago >>> >>> >>> *Option 3 : react-markdown-renderer* >>> >>> URL : https://github.com/InsidersByte/react-markdown-renderer >>> Stars : 19 >>> Fork count : 3 >>> Last commit : 11 months ago >>> >>> >>> Accordingly, we can observe that option 1 is most suitable for this >>> (mostly used and actively developed). >>> >>> Here is a sample (Option 1 : react-markdown). >>> >>> const React = require('react') >>> const ReactDOM = require('react-dom') >>> const ReactMarkdown = require('react-markdown') >>> >>> const input = '# This is a header\n\nAnd this is a paragraph' >>> >>> ReactDOM.render( >>> <ReactMarkdown source={input} />, >>> document.getElementById('container') >>> ) >>> >>> A demo can be found in : >>> https://github.com/rexxars/react-markdown/blob/master/README.md >>> >>> We thought of going forward with *Option 1 : react-markdown.* >>> >>> Please share if you have any better suggestion than this. >>> >>> Thanks. >>> >>> -- >>> Chamin Dias >>> Mobile : 0716097455 >>> Email : cham...@wso2.com >>> LinkedIn : https://www.linkedin.com/in/chamindias >>> >>> >> >> >> -- >> Chamin Dias >> Mobile : 0716097455 >> Email : cham...@wso2.com >> LinkedIn : https://www.linkedin.com/in/chamindias >> >> > > -- > *Kasun Thennakoon* > Software Engineer > WSO2, Inc. > Mobile:+94 711661919 > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > -- Aruna Herath Senior Software Engineer | WSO2 Mobile: 0711 051 799 | 0774 569 555 <http://wso2.com/signature>
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
