diff options
author | John MacFarlane <jgm@berkeley.edu> | 2014-11-11 20:51:45 -0800 |
---|---|---|
committer | John MacFarlane <jgm@berkeley.edu> | 2014-11-11 20:51:45 -0800 |
commit | 32e92dee9363d9ef7674ae11234cecfd3ae560f9 (patch) | |
tree | ed65717ab11e31afac933ed03374a0e1080b9cb8 /README.md | |
parent | 1d24a153e234b458724d5d9ae8afd700b7025cb4 (diff) |
Added js usage example.
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 29 |
1 files changed, 18 insertions, 11 deletions
@@ -30,12 +30,28 @@ Scott Chacon and Ben Straub): The JavaScript implementation is a single JavaScript file, with -no dependencies, that can be linked to in an HTML page. A node -package is also available; it includes a command-line tool called +no dependencies, that can be linked to in an HTML page. Here +is a simple usage example: + +``` javascript +var reader = new commonmark.DocParser(); +var writer = new commonmark.HtmlRenderer(); +var parsed = reader.parse("Hello *world*"); +var result = writer.render(parsed); +``` + +A node package is also available; it includes a command-line tool called `commonmark`. [Try it now!](http://spec.commonmark.org/dingus.html) +**A note on security:** +Neither implementation attempts to sanitize link attributes or +raw HTML. If you use these libraries in applications that accept +untrusted user input, you must run the output through an HTML +sanitizer to protect against +[XSS attacks](http://en.wikipedia.org/wiki/Cross-site_scripting). + Installing ---------- @@ -89,15 +105,6 @@ or `make dingus` will start an interactive dingus you can use to play with the JavaScript implementation: -A note on security ------------------- - -Neither implementation attempts to sanitize link attributes or -raw HTML. If you use these libraries in applications that accept -untrusted user input, you must run the output through an HTML -sanitizer to protect against -[XSS attacks](http://en.wikipedia.org/wiki/Cross-site_scripting). - The spec -------- |