davidwindham.com / npmx.dev
forked from npmx.dev/npmx.dev
[READ-ONLY] a fast, modern browser for the npm registry
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix: readme rendering result lacks anchor point jump (#994)

authored by

btea and committed by
GitHub 0531e3f3 c12afc28

+31 -17
+31 -17
server/utils/readme.ts
··· 139 139 ] 140 140 141 141 const ALLOWED_ATTR: Record<string, string[]> = { 142 - a: ['href', 'title', 'target', 'rel'], 143 - img: ['src', 'alt', 'title', 'width', 'height', 'align'], 144 - source: ['src', 'srcset', 'type', 'media'], 145 - button: ['class', 'title', 'type', 'aria-label', 'data-copy'], 146 - th: ['colspan', 'rowspan', 'align'], 147 - td: ['colspan', 'rowspan', 'align'], 148 - h3: ['id', 'data-level', 'align'], 149 - h4: ['id', 'data-level', 'align'], 150 - h5: ['id', 'data-level', 'align'], 151 - h6: ['id', 'data-level', 'align'], 152 - blockquote: ['data-callout'], 153 - details: ['open'], 154 - code: ['class'], 155 - pre: ['class', 'style'], 156 - span: ['class', 'style'], 157 - div: ['class', 'style', 'align'], 158 - p: ['align'], 142 + '*': ['id'], // Allow id on all tags 143 + 'a': ['href', 'title', 'target', 'rel'], 144 + 'img': ['src', 'alt', 'title', 'width', 'height', 'align'], 145 + 'source': ['src', 'srcset', 'type', 'media'], 146 + 'button': ['class', 'title', 'type', 'aria-label', 'data-copy'], 147 + 'th': ['colspan', 'rowspan', 'align'], 148 + 'td': ['colspan', 'rowspan', 'align'], 149 + 'h3': ['data-level', 'align'], 150 + 'h4': ['data-level', 'align'], 151 + 'h5': ['data-level', 'align'], 152 + 'h6': ['data-level', 'align'], 153 + 'blockquote': ['data-callout'], 154 + 'details': ['open'], 155 + 'code': ['class'], 156 + 'pre': ['class', 'style'], 157 + 'span': ['class', 'style'], 158 + 'div': ['class', 'style', 'align'], 159 + 'p': ['align'], 159 160 } 160 161 161 162 // GitHub-style callout types ··· 397 398 398 399 const rawHtml = marked.parse(content) as string 399 400 401 + // Helper to prefix id attributes with 'user-content-' 402 + const prefixId = (tagName: string, attribs: sanitizeHtml.Attributes) => { 403 + if (attribs.id && !attribs.id.startsWith('user-content-')) { 404 + attribs.id = `user-content-${attribs.id}` 405 + } 406 + return { tagName, attribs } 407 + } 408 + 400 409 const sanitized = sanitizeHtml(rawHtml, { 401 410 allowedTags: ALLOWED_TAGS, 402 411 allowedAttributes: ALLOWED_ATTR, ··· 436 445 } 437 446 return { tagName, attribs } 438 447 }, 448 + div: prefixId, 449 + p: prefixId, 450 + span: prefixId, 451 + section: prefixId, 452 + article: prefixId, 439 453 }, 440 454 }) 441 455