Allow cmark --unsafe flag? #46

Open
opened 2026-01-28 17:27:21 +01:00 by barneyh · 5 comments

Hi,
New user of BSSG here and really enjoying it thus far. I'm trying to add some custom attributes to my images so that I can utilise some fun JS libraries (https://github.com/sneas/img-comparison-slider) on my site. The required HTML is this:

```
<img-comparison-slider>
  <img slot="first" src="before.jpg" />
  <img slot="second" src="after.jpg" />
</img-comparison-slider>
```

But I can't work out how to generate the required HTML via the .md -> cmark build process, and I keep seeing `<!-- raw HTML omitted -->` in my output files. I see that passing the `--unsafe` flag to the cmark command allows the embedded HTML to pass through. Would it be possible to enable this as a local configuration option perhaps? Or does it present security issues that I'm not aware of?

Cheers,


I solved this by creating an alias to cmark with the unsafe flag always on.

Author

Ah, nice workaround! Thanks. Guess I might leave the issue open for a bit in case passing flags to the parsing tools is something worth exploring?

Author

@mrecondo wrote in #46 (comment):

> I solved this by creating an alias to cmark with the unsafe flag always on.

Actually, I can't figure out how to do this on macosx. `./bssg.sh` calls a non-interactive shell via `/usr/bin/env bash` and none of my aliases seem to take effect. Any advice?


I haven't used macOS for a long time. No idea how to solve this. Sorry.

Author

Resorted to changing line 320 from `/scripts/build/content.sh` from:

```
if ! html_content=$(echo "$content" | cmark); then
```

to

```
if ! html_content=$(echo "$content" | cmark --unsafe); then
```

Hacky and unsustainable but did the job for now.
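
Added example, not part of the thread or of BSSG: bash does not expand aliases in non-interactive shells by default, which is why the alias workaround has no effect under `./bssg.sh`, while a wrapper executable placed first on `PATH` is found by any shell and leaves `content.sh` unedited. The function names, the shim directory and the `build` argument are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not BSSG code; function names and paths are hypothetical.
# A script started via `#!/usr/bin/env bash` runs non-interactively and does
# not see `alias cmark='cmark --unsafe'`. A wrapper executable placed first
# on PATH is found by every shell.
# --unsafe makes cmark emit raw HTML (including <script>) and keep
# javascript:, vbscript:, file: and data: URLs, so scope it to builds where
# every Markdown file is written by the site owner.

# install_cmark_shim REAL_CMARK SHIM_DIR
# Writes SHIM_DIR/cmark, which forwards to REAL_CMARK with --unsafe prepended.
install_cmark_shim() {
    local real="$1" shim_dir="$2"
    case "$real" in
        /*) ;;  # absolute path: the shim never resolves "cmark" via PATH again
        *) echo "real cmark path must be absolute: $real" >&2; return 1 ;;
    esac
    case "$real" in
        *"'"*) echo "path must not contain a single quote: $real" >&2; return 1 ;;
    esac
    [ -x "$real" ] || { echo "not executable: $real" >&2; return 1; }
    mkdir -p "$shim_dir" || return 1
    # The path is single-quoted inside the shim so spaces in it survive.
    printf '%s\n' '#!/bin/sh' "exec '$real' --unsafe \"\$@\"" \
        > "$shim_dir/cmark" || return 1
    chmod 755 "$shim_dir/cmark"
}

# run_with_shim SHIM_DIR COMMAND [ARGS...]
# Runs one command with the shim first on PATH. The subshell keeps the caller's
# PATH unchanged, so cmark stays in its default safe mode everywhere else.
run_with_shim() {
    local shim_dir="$1"
    shift
    ( PATH="$shim_dir:$PATH"; export PATH; exec "$@" )
}

# Typical use (paths and the build argument are assumptions):
#   install_cmark_shim "$(command -v cmark)" "$HOME/.local/bssg-shim"
#   run_with_shim "$HOME/.local/bssg-shim" ./bssg.sh build
```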

Reference: stefano/BSSG#46