From e6fba02509fe3550e8f1a6a4a2a3b76cb1e639cc Mon Sep 17 00:00:00 2001
From: Saeed
Date: Mon, 30 Mar 2026 21:01:11 +0000
Subject: [PATCH] fix(preview): disable raw HTML rendering and secure outbound links
---
 components/slides/Preview.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/components/slides/Preview.js b/components/slides/Preview.js
index 8e043c4..f59595b 100644
--- a/components/slides/Preview.js
+++ b/components/slides/Preview.js
@@ -10,7 +10,7 @@ export default function Preview({ back }) {
 const [downloadAlertVisible, setDownloadAlertVisible] = useState(false);
 const gprmStore = useGPRMStore();
 var md = require("markdown-it")({
- html: true,
+ html: false,
 linkify: true,
 typographer: true,
 breaks: true,
@@ -35,8 +35,9 @@ export default function Preview({ back }) {
 // Checking if elements exists
 if (links.length > 0) {
 links.forEach((link) => {
- // adding attribute target
+ // adding secure link attributes
 link.setAttribute("target", "_blank");
+ link.setAttribute("rel", "noopener noreferrer nofollow");
 });
 }
 }, 300);
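Review bot: In the first hunk (`@@ -10,7 +10,7 @@`), the `html: false` line carries no record of why it is off, so a later "restore inline HTML" change could flip it back without anyone noticing the security impact. I would put a comment directly above it, for example `// html must stay false: slide markdown is untrusted input and the rendered output is inserted as markup`. How the rendered string reaches the DOM is outside this hunk, so that wording should be confirmed against the actual render path. Existing slides that relied on inline HTML will now show it as escaped text, which deserves a line in the release notes. A small regression test that renders `<img src=x onerror=1>` and asserts the output contains `&lt;img` would pin the behaviour.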
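Review bot: In the second hunk (`@@ -35,8 +35,9 @@`), `rel="noopener noreferrer nofollow"` is applied by a DOM pass inside a timer callback (the closing `}, 300);` is visible), so links lack `target` and `rel` until it fires. Any link rendered after that pass, such as on a later re-render, would presumably never receive them. The attributes are also only as complete as the `links` selection, which is made outside this hunk, as is the start of the callback. Emitting both attributes from the markdown-it renderer itself would remove the timing and selection dependency, and the DOM pass could then be dropped. The override below belongs right after the `md` instance is created in the first hunk.

```javascript
// … unchanged: markdown-it construction with html: false …
const defaultLinkOpen =
  md.renderer.rules.link_open ||
  ((tokens, idx, options, env, self) => self.renderToken(tokens, idx, options));

// Attach the attributes while the HTML is generated, so every rendered link has them.
md.renderer.rules.link_open = (tokens, idx, options, env, self) => {
  tokens[idx].attrSet("target", "_blank");
  tokens[idx].attrSet("rel", "noopener noreferrer nofollow");
  return defaultLinkOpen(tokens, idx, options, env, self);
};
```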