README
hast-util-raw
hast utility to parse the tree again, now supporting
embedded raw
nodes.
One of the reasons to do this is for “malformed” syntax trees: for example, say
there’s an h1
element in a p
element, this utility will make them siblings.
Another reason to do this is if raw HTML/XML is embedded in a syntax tree, which
can occur when coming from Markdown using mdast-util-to-hast
.
If you’re working with remark and/or
remark-rehype
, use rehype-raw
instead.
Install
This package is ESM only:
Node 12+ is needed to use it and it must be import
ed instead of require
d.
npm:
npm install hast-util-raw
Use
import {h} from 'hastscript'
import {raw} from 'hast-util-raw'
const tree = h('div', [h('h1', ['Foo ', h('h2', 'Bar'), ' Baz'])])
const reformatted = raw(tree)
console.log(reformatted)
Yields:
{ type: 'element',
tagName: 'div',
properties: {},
children:
[ { type: 'element',
tagName: 'h1',
properties: {},
children: [Object] },
{ type: 'element',
tagName: 'h2',
properties: {},
children: [Object] },
{ type: 'text', value: ' Baz' } ] }
API
This package exports the following identifiers: raw
.
There is no default export.
raw(tree[, file][, options])
Given a hast tree and an optional vfile (for positional info), return a new parsed-again hast tree.
options.passThrough
List of custom hast node types to pass through (keep) in hast
(Array.<string>
, default: []
).
If the passed through nodes have children, those children are expected to be
hast and will be handled.
Security
Use of hast-util-raw
can open you up to a cross-site scripting (XSS)
attack as raw
nodes are unsafe.
The following example shows how a raw node is used to inject a script that runs
when loaded in a browser.
raw(u('root', [u('raw', '<script>alert(1)</script>')]))
Yields:
<script>alert(1)</script>
Do not use this utility in combination with user input or use
hast-util-santize
.
Related
mdast-util-to-hast
— transform mdast to hastrehype-raw
— wrapper plugin for rehype
Contribute
See contributing.md
in syntax-tree/.github
for ways to get
started.
See support.md
for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.