README
micromark-extension-gfm-tagfilter
micromark extension to support GitHub flavored markdown (GFM) tag filter.
Contents
- What is this?
- When to use this
- Install
- Use
- API
- Types
- Compatibility
- Security
- Related
- Contribute
- License
What is this?
This package is a micromark extension to add support for GFMs “tag filter”.
When to use this
In many cases, when working with micromark, you’d want to use
micromark-extension-gfm
instead, which combines
this package with other GFM features.
This package exists for completeness The tag filter is a naïve attempt at XSS protection. You should use a proper HTML sanitizing algorithm.
When working with syntax trees (mdast) or remark, use
rehype-sanitize
instead.
Install
This package is ESM only. In Node.js (version 12.20+, 14.14+, or 16.0+), install with npm:
npm install micromark-extension-gfm-tagfilter
In Deno with Skypack:
import {gfmTagfilterHtml} from 'https://cdn.skypack.dev/micromark-extension-gfm-tagfilter@1?dts'
In browsers with Skypack:
<script type="module">
import {gfmTagfilterHtml} from 'https://cdn.skypack.dev/micromark-extension-gfm-tagfilter@1?min'
</script>
Use
import {micromark} from 'micromark'
import {gfmTagfilterHtml} from 'micromark-extension-gfm-tagfilter'
const output = micromark('XSS! <script>alert(1)</script>', {
allowDangerousHtml: true,
htmlExtensions: [gfmTagfilterHtml]
})
console.log(output)
Yields:
<p>XSS! <script>alert(1)</script></p>
API
This package exports the following identifier: gfmTagfilterHtml
.
There is no default export.
gfmTagfilterHtml
An extension to filter some HTML (script, plaintext, etc.) out when compiling
HTML (can be passed in htmlExtensions
).
Types
This package is fully typed with TypeScript. There are no additional exported types.
Compatibility
This package is at least compatible with all maintained versions of Node.js. As of now, that is Node.js 12.20+, 14.14+, and 16.0+. It also works in Deno and modern browsers.
Security
While micromark is safe by default, this extension only does something when
allowDangerousHtml: true
is passed, which is an unsafe option.
This package is not safe.
Related
syntax-tree/mdast-util-gfm
— support GFM in mdastremarkjs/remark-gfm
— support GFM in remarkrehypejs/rehype-sanitize
— sanitize HTML in rehype
Contribute
See contributing.md
in micromark/.github
for ways to get
started.
See support.md
for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.