micromark-extension-gfm-tagfilter
!Buildbuild-badgebuild
!Coveragecoverage-badgecoverage
!Downloadsdownloads-badgedownloads
!Sizesize-badgesize
!Sponsorssponsors-badgecollective
!Backersbackers-badgecollective
!Chatchat-badgechatmicromark extension to support GitHub flavored markdown (GFM) tag filter.
Contents
* [`gfmTagfilterHtml`](#gfmtagfilterhtml)
What is this?
This package is a micromark extension to add support for GFMs “tag filter”.When to use this
In many cases, when working with micromark, you’d want to usemicromark-extension-gfm
micromark-extension-gfm instead, which combines
this package with other GFM features.This package exists for completeness The tag filter is a naïve attempt at XSS protection. You should use a proper HTML sanitizing algorithm.
When working with syntax trees (mdast) or remark, use
rehype-sanitize
rehype-sanitize instead.Install
This package is ESM onlyesm. In Node.js (version 12.20+, 14.14+, or 16.0+), install with npm:npm install micromark-extension-gfm-tagfilter
In Deno with Skypack:
import {gfmTagfilterHtml} from 'https://cdn.skypack.dev/micromark-extension-gfm-tagfilter@1?dts'
In browsers with Skypack:
<script type="module">
import {gfmTagfilterHtml} from 'https://cdn.skypack.dev/micromark-extension-gfm-tagfilter@1?min'
</script>
Use
import {micromark} from 'micromark'
import {gfmTagfilterHtml} from 'micromark-extension-gfm-tagfilter'
const output = micromark('XSS! <script>alert(1)</script>', {
allowDangerousHtml: true,
htmlExtensions: [gfmTagfilterHtml]
})
console.log(output)
Yields:
<p>XSS! <script>alert(1)</script></p>
API
This package exports the following identifier:gfmTagfilterHtml
.
There is no default export.gfmTagfilterHtml
An extension to filter some HTML (script, plaintext, etc.) out when compiling
HTML (can be passed in htmlExtensions
).Types
This package is fully typed with TypeScript. There are no additional exported types.Compatibility
This package is at least compatible with all maintained versions of Node.js. As of now, that is Node.js 12.20+, 14.14+, and 16.0+. It also works in Deno and modern browsers.Security
While micromark is safe by default, this extension only does something whenallowDangerousHtml: true
is passed, which is an unsafe option.
This package is not safe.Related
— support GFM in mdast
— support GFM in remark
— sanitize HTML in rehype
Contribute
Seecontributing.md
in micromark/.github
contributing for ways to get
started.
See support.md
support for ways to get help.This project has a code of conductcoc. By interacting with this repository, organization, or community you agree to abide by its terms.