Overriding link renderer skips all the security work made by the default renderer

[nadouani]

Hello,

The following example (from repo's Readme) overrides the link renderer that is making a lot of escaping and sanitization work to avoid XSS issues.

app.config(['markedProvider', function (markedProvider) {
  markedProvider.setRenderer({
    link: function(href, title, text) {
      return "<a href='" + href + "'" + (title ? " title='" + title + "'" : '') + " target='_blank'>" + text + "</a>";
    }
  });
}]);

I don't find a way to customize the renderer by invoking the original link renderer of marked library.

Thanks