rob thijssen
8a7177a54a
ReactMarkdown was running with no plugins, so README headers full of raw <div align=center>, tables, <details>/<summary>, and other GFM markup rendered as escaped text. Wire in remark-gfm for tables and GFM features, rehype-raw for embedded HTML, and rehype-sanitize with an extended schema that permits README-typical tags and attributes (align, target, width/height, picture/source, etc.) while still blocking script/iframe/object — READMEs come from external repos so they need adversarial-input handling. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
77 KiB
77 KiB