micromark-extension-gfm-tagfilter

micromark extension to support GFM tagfilter

Downloads in past

Stats

StarsIssuesVersionUpdatedCreatedSize
micromark-extension-gfm-tagfilter
101.0.1a year ago2 years agoMinified + gzip package size for micromark-extension-gfm-tagfilter in KB

Readme

micromark-extension-gfm-tagfilter
!Buildbuild-badgebuild !Coveragecoverage-badgecoverage !Downloadsdownloads-badgedownloads !Sizesize-badgesize !Sponsorssponsors-badgecollective !Backersbackers-badgecollective !Chatchat-badgechat
micromark extension to support GitHub flavored markdown (GFM) tag filter.

Contents

*   [`gfmTagfilterHtml`](#gfmtagfilterhtml)

What is this?

This package is a micromark extension to add support for GFMs “tag filter”.

When to use this

In many cases, when working with micromark, you’d want to use micromark-extension-gfmmicromark-extension-gfm instead, which combines this package with other GFM features.
This package exists for completeness The tag filter is a naïve attempt at XSS protection. You should use a proper HTML sanitizing algorithm.
When working with syntax trees (mdast) or remark, use rehype-sanitizerehype-sanitize instead.

Install

This package is ESM onlyesm. In Node.js (version 12.20+, 14.14+, or 16.0+), install with npm:
npm install micromark-extension-gfm-tagfilter

In Deno with Skypack:
import {gfmTagfilterHtml} from 'https://cdn.skypack.dev/micromark-extension-gfm-tagfilter@1?dts'

In browsers with Skypack:
<script type="module">
  import {gfmTagfilterHtml} from 'https://cdn.skypack.dev/micromark-extension-gfm-tagfilter@1?min'
</script>

Use

import {micromark} from 'micromark'
import {gfmTagfilterHtml} from 'micromark-extension-gfm-tagfilter'

const output = micromark('XSS! <script>alert(1)</script>', {
  allowDangerousHtml: true,
  htmlExtensions: [gfmTagfilterHtml]
})

console.log(output)

Yields:
<p>XSS! <script>alert(1)</script></p>

API

This package exports the following identifier: gfmTagfilterHtml. There is no default export.

gfmTagfilterHtml

An extension to filter some HTML (script, plaintext, etc.) out when compiling HTML (can be passed in htmlExtensions).

Types

This package is fully typed with TypeScript. There are no additional exported types.

Compatibility

This package is at least compatible with all maintained versions of Node.js. As of now, that is Node.js 12.20+, 14.14+, and 16.0+. It also works in Deno and modern browsers.

Security

While micromark is safe by default, this extension only does something when allowDangerousHtml: true is passed, which is an unsafe option. This package is not safe.

Related

— support GFM in mdast
— support GFM in remark
— sanitize HTML in rehype

Contribute

See contributing.md in micromark/.githubcontributing for ways to get started. See support.mdsupport for ways to get help.
This project has a code of conductcoc. By interacting with this repository, organization, or community you agree to abide by its terms.

License

MITlicense © Titus Wormerauthor