Sanitize Option Not Affecting Output

[ryanfitzer]

Initial checklist

• I read the support docs
• I read the contributing guide
• I agree to follow the code of conduct
• I searched issues and couldn’t find anything (or linked relevant results below)

Affected packages and versions

remark-html@16.0.1

Link to runnable example

codesandbox example

Steps to reproduce

Using:

• node@20.9.0
• npm@10.2.4
• next@14.0.4

Expected behavior

The <video> element would be included in the output.

Actual behavior

The <video> is stripped from the output.

Runtime

Other (please specify in steps to reproduce)

Package manager

Other (please specify in steps to reproduce)

OS

macOS 13.6.1 (22G313)

Build and bundle tools

Next.js

[wooorm]

Please post code. Everything’s tested well. You need to prove things. Don’t waste folks time.

[ChristianMurphy]

Welcome @ryanfitzer! 👋
Sorry you ran into a spot of trouble.

Please check the readme for the projects and spend some time articulating your question.
See https://github.com/remarkjs/.github/blob/main/support.md for recommendations.

You aren't using the sanitize option in your example your question doesn't really make sense.
My guess is you haven't setup the full HTML flow, please see https://unifiedjs.com/learn/recipe/remark-html/

[ryanfitzer]

I updated the codesandbox link. Looks like the one I originally copied using the "share" link just gave me the starting example :(

[ChristianMurphy]

@ryanfitzer thanks for updating the link, again please read https://unifiedjs.com/learn/recipe/remark-html/#how-to-properly-support-html-inside-markdown
You are missing support for embedded HTML in markdown.

[ryanfitzer]

Thanks for the help! My confusion is due to the following factors:

• The readme.md states that it "compiles markdown to HTML".
• The readme.md doesn't mention support for embedded HTML is not included.
• Embedded HTML is part of the Markdown spec.
• When I used { sanitize: false } in the options, everything worked as expected, so I was thinking I just needed to provide a customized schema to the sanitize option.

I updated the codesandbox with a functioning example for anyone who comes across this issue with the same confusion as I did.

Again, thanks for the support and for providing the helpful codesandbox template!

[ChristianMurphy]

The readme.md states that it "compiles markdown to HTML".
The readme.md doesn't mention support for embedded HTML is not included.

Which readme are you referring to?
If you have specific recommendations to concisely improve the readme, happy to discuss further.

Generally speaking, there are so many possible use cases, we can't document all of them, and especially not across to 300+ readme files. This is why https://unifiedjs.com/learn/ exists, to capture common use cases as recipes.

Embedded HTML is part of the Markdown spec.

This project implements the CommonMark spec.
It is also important to note the distinction between embedded in the language, and part of the language.
HTML is embedded, it is a separate document contained in the Markdown document. It is not part of the Markdown language.

[wooorm]

the first misconception is that this project is not recommended, per the readme. There is a ton more power if you choose the recommended tools.
There used to be like 5 warnings in the readme, which is overkill. Then folks don’t read the other text. Now I have one, in the “When should I use this” section.

the second misconception here seems to be whether HTML is dangerous or not. HTML is dangerous. So it’s all removed by default, and you can configure and choose what is allowed or not afterwards, which is documented in the Options section.