verstak

Commit Graph

Author	SHA1	Message	Date
mirivlad	c8c5531c0c	fix: internal verstak:// links in markdown preview now clickable Root cause: DOMPurify afterSanitizeAttributes hook was treating verstak:// links as blocked because hash-based href didnt match ALLOWED_SCHEMES regex. Fix: 1. afterSanitizeAttributes hook now checks data-verstak-href first and returns early for internal links - they never get blocked 2. Changed href from hash-based to about:blank (safe value that DOMPurify wont strip, unlike javascript:void(0)) 3. Click handler already uses data-verstak-href, not href Added unit test: markdown.test.js (27 tests for renderer.link output)	2026-06-15 12:15:42 +08:00

Author

SHA1

Message

Date

mirivlad

c8c5531c0c

fix: internal verstak:// links in markdown preview now clickable

Root cause: DOMPurify afterSanitizeAttributes hook was treating verstak://
links as blocked because hash-based href didnt match ALLOWED_SCHEMES regex.

Fix:
1. afterSanitizeAttributes hook now checks data-verstak-href first and
   returns early for internal links - they never get blocked
2. Changed href from hash-based to about:blank (safe value that
   DOMPurify wont strip, unlike javascript:void(0))
3. Click handler already uses data-verstak-href, not href

Added unit test: markdown.test.js (27 tests for renderer.link output)

2026-06-15 12:15:42 +08:00

1 Commits (c8c5531c0c993b46eb5f6a6b96823144e1cfe6b6)