Skip to content

Releases: AUAggy/markdown-pdf-revived

Markdown PDF (Revived) 3.0.0

13 Jun 14:10
@AUAggy AUAggy
v3.0.0
31a4cf4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Markdown PDF (Revived) 3.0.0 Latest
Latest

Markdown PDF (Revived) 3.0.0

This release improves browser reliability and hardens CSS handling in exported documents.

Breaking Security Change

User-supplied <style> elements are now removed from PDF and HTML exports. Sanitized style="..." attributes remain supported.

Move trusted CSS into a workspace-local file:

"markdown-pdf.styles": [
  "styles/export.css"
]

Browser Reliability

  • Stable Chrome, Chromium, and Microsoft Edge are detected automatically.
  • Invalid configured browser paths fall back to system detection with actionable diagnostics.
  • HTML export works without a browser.
  • Linux launches sandbox-first and only retries without the sandbox for recognized sandbox-unavailable failures.
  • WSL requires a supported browser installed inside the Linux distribution.

Security and Maintenance

  • Inline <style> content cannot apply CSS or trigger network requests.
  • DOMPurify, Mermaid, and vulnerable transitive runtime dependencies were updated to patched versions.
  • The release pipeline now verifies Linux, Windows, macOS, and the packaged VSIX.
Assets 5
Loading

v2.1.0 — Security hardening

17 Mar 23:45
@AUAggy AUAggy
v2.1.0
1c99732
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.1.0 — Security hardening

Security hardening release. All local file access (images, stylesheets, includes) is now validated against the workspace root by default, blocking path traversal attacks.

Highlights

  • Path traversal blocked: Images, stylesheets, and file includes are restricted to the workspace root. Traversal attempts (../, symlinks, encoded variants) are blocked.
  • Safer PDF export: Temp files use unpredictable directories and are always cleaned up, even on failure.
  • Chromium sandbox on by default: --no-sandbox is no longer passed unconditionally. Linux falls back automatically only when the system reports sandbox unavailability.
  • Stronger HTML sanitization: All on* event attributes stripped, not just a hardcoded subset.

Breaking change

Local file references outside the workspace root are blocked by default. Set markdown-pdf.allowPathsOutsideWorkspace: true in settings to restore the previous behaviour.

See CHANGELOG.md for full details.

Loading

v2.0.1 — First public release

07 Mar 13:27
@AUAggy AUAggy
v2.0.1
4e39ff5

Choose a tag to compare

View all tags
v2.0.1 — First public release

A maintained fork of yzane/vscode-markdown-pdf, rewritten in TypeScript with a focus on privacy, offline rendering, and a smaller footprint.

Highlights

  • Privacy-first: PlantUML removed (sent source to plantuml.com). Mermaid diagrams render locally.
  • Security: DOMPurify sanitization patches CVE-2024-7739. Bundled Chromium with known CVEs replaced by system Chrome.
  • Smaller package: 10.6 MB. All JS dependencies bundled via esbuild.
  • New features: KaTeX math, footnotes, GitHub-style callouts, Mermaid async render fix, configurable timeout.
  • Cross-platform: Tested on macOS, Windows, and WSL.

See CHANGELOG.md for the full list of changes and MIGRATION.md for upgrade instructions from yzane/vscode-markdown-pdf.

Loading