rehype-external-links
!Buildbuild-badgebuild
!Coveragecoverage-badgecoverage
!Downloadsdownloads-badgedownloads
!Sizesize-badgesize
!Sponsorssponsors-badgecollective
!Backersbackers-badgecollective
!Chatchat-badgechatrehype plugin to add
rel
(and target
) to external links.Contents
* [`unified().use(rehypeExternalLinks[, options])`](#unifieduserehypeexternallinks-options)
* [`CreateContent`](#createcontent)
* [`CreateProperties`](#createproperties)
* [`CreateRel`](#createrel)
* [`CreateTarget`](#createtarget)
* [`Options`](#options)
* [`Target`](#target)
What is this?
This package is a unified (rehype) plugin to addrel
(and target
)
attributes to external links.
It is particularly useful when displaying user content on your reputable site,
because users could link to disreputable sources (spam, scams, etc), as search
engines and other bots will discredit your site for linking to them (or
legitimize their sites).
In short: linking to something signals trust, but you can’t trust users.
This plugin adds certain rel
attributes to prevent that from happening.unified is a project that transforms content with abstract syntax trees (ASTs). rehype adds support for HTML to unified. hast is the HTML AST that rehype uses. This is a rehype plugin that adds
rel
(and target
) to <a>
s in the AST.When should I use this?
This project is useful when you want to display user content from authors you don’t trust (such as comments), as they might include links you don’t endorse, on your website.Install
This package is ESM onlyesm. In Node.js (version 16+), install with npm:npm install rehype-external-links
In Deno with
esm.sh
esmsh:import rehypeExternalLinks from 'https://esm.sh/rehype-external-links@3'
In browsers with
esm.sh
esmsh:<script type="module">
import rehypeExternalLinks from 'https://esm.sh/rehype-external-links@3?bundle'
</script>
Use
Say our moduleexample.js
contains:import rehypeExternalLinks from 'rehype-external-links'
import remarkParse from 'remark-parse'
import remarkRehype from 'remark-rehype'
import rehypeStringify from 'rehype-stringify'
import {unified} from 'unified'
const file = await unified()
.use(remarkParse)
.use(remarkRehype)
.use(rehypeExternalLinks, {rel: ['nofollow']})
.use(rehypeStringify)
.process('[rehype](https://github.com/rehypejs/rehype)')
console.log(String(file))
…then running
node example.js
yields:<p><a href="https://github.com/rehypejs/rehype" rel="nofollow">rehype</a></p>
API
This package exports no identifiers. The default export isrehypeExternalLinks
api-rehype-external-links.unified().use(rehypeExternalLinks[, options])
Automatically add rel
(and target
?) to external links.Parameters
options
(Options
api-options, optional)
— configuration
Returns
Transform (Transformer
unified-transformer).Notes
You should likely not configuretarget
css-tricks.You should at least set
rel
to ['nofollow']
.
When using a target
, add noopener
and noreferrer
to avoid exploitation
of the window.opener
API.When using a
target
, you should set content
to adhere to accessibility
guidelines by giving users advanced warning when opening a new windowg201.CreateContent
Create a target for the element (TypeScript type).Parameters
element
(Element
hast-element)
— element to check
Returns
Content to add (Array<Node>
or Node
, optional).CreateProperties
Create properties for an element (TypeScript type).Parameters
element
(Element
hast-element)
— element to check
Returns
Properties to add (Properties
hast-properties, optional).CreateRel
Create a rel
for the element (TypeScript type).Parameters
element
(Element
hast-element)
— element to check
Returns
rel
to use (Array<string>
, optional).CreateTarget
Create a target
for the element (TypeScript type).Parameters
element
(Element
hast-element)
— element to check
Returns
target
to use (Target
api-target, optional).Options
Configuration (TypeScript type).Fields
content
(Array<Node>
,CreateContent
api-create-content, orNode
,
optional)
— content to insert at the end of external links; will be inserted in a
`<span>` element; useful for improving accessibility by giving users
advanced warning when opening a new window
contentProperties
(CreateProperties
api-create-properties or
[`Properties`][hast-properties], optional)
— properties to add to the `span` wrapping `content`
properties
(CreateProperties
api-create-properties or
[`Properties`][hast-properties], optional)
— properties to add to the link itself
protocols
(Array<string>
, default:['http', 'https']
)
— protocols to see as external, such as `mailto` or `tel`
rel
(Array<string>
,CreateRel
api-create-rel, orstring
,
default: `['nofollow']`)
— [link types][mdn-rel] to hint about the referenced documents; pass an
empty array (`[]`) to not set `rel`s on links; when using a `target`, add `noopener`
and `noreferrer` to avoid exploitation of the `window.opener` API
target
(CreateTarget
api-create-target orTarget
api-target,
optional)
— how to display referenced documents; the default (nothing) is to not set
`target`s on links
— extra test to define which external link elements are modified; any test
that can be given to `hast-util-is-element` is supported
Target
Target (TypeScript type).Type
type Target = '_blank' | '_parent' | '_self' | '_top'
Types
This package is fully typed with TypeScript. It exports the additional typesCreateContent
api-create-content,
CreateProperties
api-create-properties,
CreateRel
api-create-rel,
CreateTarget
api-create-target,
Options
api-options, and
Target
api-target.Compatibility
Projects maintained by the unified collective are compatible with maintained versions of Node.js.When we cut a new major release, we drop support for unmaintained versions of Node. This means we try to keep the current release line,
rehype-external-links@^3
,
compatible with Node.js 16.This plugin works with
rehype-parse
version 3+, rehype-stringify
version 3+,
rehype
version 4+, and unified
version 6+.Security
Improper use ofrehype-external-links
can open you up to a
cross-site scripting (XSS)xss attack.Either do not combine this plugin with user content or use
rehype-sanitize
rehype-sanitize.Contribute
Seecontributing.md
contributing in rehypejs/.github
health for ways
to get started.
See support.md
support for ways to get help.This project has a code of conductcoc. By interacting with this repository, organization, or community you agree to abide by its terms.