micromark-extension-gfm-tagfilter

micromark extension to support GFM tagfilter

Usage no npm install needed!

<script type="module">
  import micromarkExtensionGfmTagfilter from 'https://cdn.skypack.dev/micromark-extension-gfm-tagfilter';
</script>

README

micromark-extension-gfm-tagfilter

Build Coverage Downloads Size Sponsors Backers Chat

micromark extension to support GitHub flavored markdown (GFM) tag filter.

Contents

What is this?

This package is a micromark extension to add support for GFMs “tag filter”.

When to use this

In many cases, when working with micromark, you’d want to use micromark-extension-gfm instead, which combines this package with other GFM features.

This package exists for completeness The tag filter is a naïve attempt at XSS protection. You should use a proper HTML sanitizing algorithm.

When working with syntax trees (mdast) or remark, use rehype-sanitize instead.

Install

This package is ESM only. In Node.js (version 12.20+, 14.14+, or 16.0+), install with npm:

npm install micromark-extension-gfm-tagfilter

In Deno with Skypack:

import {gfmTagfilterHtml} from 'https://cdn.skypack.dev/micromark-extension-gfm-tagfilter@1?dts'

In browsers with Skypack:

<script type="module">
  import {gfmTagfilterHtml} from 'https://cdn.skypack.dev/micromark-extension-gfm-tagfilter@1?min'
</script>

Use

import {micromark} from 'micromark'
import {gfmTagfilterHtml} from 'micromark-extension-gfm-tagfilter'

const output = micromark('XSS! <script>alert(1)</script>', {
  allowDangerousHtml: true,
  htmlExtensions: [gfmTagfilterHtml]
})

console.log(output)

Yields:

<p>XSS! &lt;script>alert(1)&lt;/script></p>

API

This package exports the following identifier: gfmTagfilterHtml. There is no default export.

gfmTagfilterHtml

An extension to filter some HTML (script, plaintext, etc.) out when compiling HTML (can be passed in htmlExtensions).

Types

This package is fully typed with TypeScript. There are no additional exported types.

Compatibility

This package is at least compatible with all maintained versions of Node.js. As of now, that is Node.js 12.20+, 14.14+, and 16.0+. It also works in Deno and modern browsers.

Security

While micromark is safe by default, this extension only does something when allowDangerousHtml: true is passed, which is an unsafe option. This package is not safe.

Related

Contribute

See contributing.md in micromark/.github for ways to get started. See support.md for ways to get help.

This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.

License

MIT © Titus Wormer