Copilot AI commented Dec 11, 2025

Parsing HTML with attributes containing % (e.g., width="100%") throws URIError: URI malformed in v9. The decodeURIComponent() call in parseHTMLAttributes wasn't wrapped in try-catch.

Changes

  • Wrap decodeURIComponent(attrs) in try-catch to handle invalid URI encodings gracefully
  • Add early-exit when no % present (perf optimization)
  • Add regression tests for % in attribute values

Example

// Previously threw URIError
<Markdown options={{ tagfilter: false }}>
  {`<iframe src="https://example.com" width="100%"></iframe>`}
</Markdown>

// Now parses correctly with attrs: { src: "...", width: "100%" }

Security sanitization for malicious content (javascript: URLs, etc.) remains intact.

Original prompt

This section details on the original issue you should resolve

<issue_title>URIError: URI malformed when HTML attributes contain % character (v9)</issue_title>
<issue_description>Description
After upgrading from v8 to v9, parsing HTML with attributes containing the % character (e.g. width="100%") throws a URIError. This worked correctly in v8.

Reproduction

import Markdown from 'markdown-to-jsx';

// This throws URIError
<Markdown options={{ tagfilter: false }}>
  {`<iframe src="https://example.com" width="100%"></iframe>`}
</Markdown>

// This works fine
<Markdown options={{ tagfilter: false }}>
  {`<iframe src="https://example.com" width="100px"></iframe>`}
</Markdown>

Error

parse.ts:625 Uncaught URIError: URI malformed
    at decodeURIComponent (<anonymous>)
    at o1 (parse.ts:625:28)
    at JZ (parse.ts:6984:29)
    at w (parse.ts:849:22)
    at e1 (parse.ts:1176:11)
    at parse.ts:2279:5
    at ZZ (parse.ts:6200:12)
    at fG (parse.ts:2278:10)
    at LZ (parse.ts:3134:20)
    at SG (parse.ts:9057:29)

Expected behavior
The iframe should render with width="100%" as it did in v8.

Actual behavior
decodeURIComponent is called on the attribute value 100%, and since % is not followed by valid hex digits, it throws URIError: URI malformed.

Environment
markdown-to-jsx version: 9.3.3
React version: 19.0.0
Browser: Chrome v142.0.7444.176, Firefox v146.0</issue_description>

<agent_instructions>Ensure you add a changeset when you're done. Check .cursor/rules for instructions.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@quantizor Thank you for reporting!



Note

Safely handles '%' in HTML attribute strings during sanitization to avoid URIError, with regression tests added and a patch changeset.

  • Parsing/Sanitization:
    • Update parseHTMLAttributes in src/parse.ts to guard decodeURIComponent with conditional % check and try/catch; fallback to raw regex when no %, preserving sanitization and preventing exceptions.
  • Tests:
    • Add regression tests in src/parse.spec.ts for parsing HTML with % in attributes via parser and parseHTMLTag (e.g., <iframe ... width="100%">).
  • Changeset:
    • Add .changeset/fix-urierror-html-attributes.md (patch) documenting the bugfix.

Written by Cursor Bugbot for commit 0edf88e.
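
The guarded decode this pull request describes (skip decoding when no % is present, catch URIError otherwise), as an added JavaScript example that is not the markdown-to-jsx source. It goes one step further than a plain try/catch by decoding each well-formed escape run on its own, so the scheme check still sees decoded text when a stray % is present; tolerantDecode, hasUnsafeScheme, sanitizeAttributes, the attribute set and the scheme list are hypothetical names and assumptions.

```javascript
// Added example; not markdown-to-jsx source. All names are hypothetical.

// Schemes rejected in URL-bearing attributes (illustrative list, an assumption).
const UNSAFE_SCHEME = /^(?:javascript|vbscript|data):/i;
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction']);

// Decode without throwing: return early when no '%' is present, otherwise
// decode each run of well-formed %XX escapes on its own, so a stray '%'
// (as in width="100%") is left exactly as written.
function tolerantDecode(value) {
  if (value.indexOf('%') === -1) return value;
  return value.replace(/(?:%[0-9a-fA-F]{2})+/g, (run) => {
    try {
      return decodeURIComponent(run);
    } catch (err) {
      if (err instanceof URIError) return run; // e.g. invalid UTF-8 such as %FF
      throw err;
    }
  });
}

// Decode, then drop C0 controls and spaces so leading whitespace or
// embedded tabs/newlines cannot hide the scheme from the check.
function hasUnsafeScheme(value) {
  const normalised = tolerantDecode(value).replace(/[\u0000-\u0020]/g, '');
  return UNSAFE_SCHEME.test(normalised);
}

// Keep attributes verbatim unless a URL attribute carries an unsafe scheme.
function sanitizeAttributes(attrs) {
  const out = {};
  for (const [name, value] of Object.entries(attrs)) {
    if (URL_ATTRS.has(name.toLowerCase()) && hasUnsafeScheme(value)) continue;
    out[name] = value;
  }
  return out;
}

// Constructed sample input, not taken from the project's tests.
console.log(sanitizeAttributes({ src: 'https://example.com', width: '100%' }));
console.log(sanitizeAttributes({ href: 'java%73cript:void(0)%', width: '100%' }));
```

The first call returns both attributes unchanged; the second drops href and keeps width, even though decodeURIComponent would throw on the whole href string.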

changeset-bot bot commented Dec 11, 2025

🦋 Changeset detected

Latest commit: 0edf88e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
markdown-to-jsx Patch


quantizor marked this pull request as ready for review December 11, 2025 03:33
Copilot AI changed the title from "[WIP] Fix URIError when parsing HTML attributes with % character" to "fix: handle URIError when HTML attributes contain % character" Dec 11, 2025
Copilot AI requested a review from quantizor December 11, 2025 03:34
quantizor merged commit c5b6259 into main Dec 11, 2025
10 checks passed
quantizor deleted the copilot/fix-urierror-html-attributes branch December 11, 2025 03:39
Development

Successfully merging this pull request may close these issues.

URIError: URI malformed when HTML attributes contain % character (v9)
