Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@closeio/autolinker
Advanced tools
Utility to automatically link the URLs, email addresses, phone numbers, hashtags, and mentions (Twitter, Instagram) in a given block of text/HTML
Because I had so much trouble finding a good auto-linking implementation out in the wild, I decided to roll my own. It seemed that everything I found out there was either an implementation that didn't cover every case, or was just limited in one way or another.
So, this utility attempts to handle everything. It:
href
attribute inside anchor (<a>) tags (or any other tag/attribute),
and will not accidentally wrap the inner text of an anchor tag with a
new one (which would cause doubly-nested anchor tags).Hope that this utility helps you as well!
Full API Docs: http://gregjacobs.github.io/Autolinker.js/api/
Live Example: http://gregjacobs.github.io/Autolinker.js/examples/live-example/
twitter
option removed, replaced with mention
(which accepts 'twitter'
and 'instagram' values)twitter
option) now defaults to
being turned off. Previously, Twitter handle matching was on by
default.replaceFn
option now called with just one argument: the Match
object (previously was called with two arguments: autolinker
and
match
)replaceFn
) TwitterMatch
replaced with
MentionMatch
, and MentionMatch.getType()
now returns 'mention'
instead of 'twitter'
replaceFn
) TwitterMatch.getTwitterHandle()
->
MentionMatch.getMention()
Simply clone or download the zip of the project, and link to either
dist/Autolinker.js
or dist/Autolinker.min.js
with a script tag:
<script src="path/to/Autolinker.min.js"></script>
Command line:
bower install Autolinker.js --save
Command Line:
npm install autolinker --save
JavaScript:
var Autolinker = require( 'autolinker' );
// note: npm wants an all-lowercase package name, but the utility is a class and
// should be aliased with a capital letter
Using the static link() method:
var linkedText = Autolinker.link( textToAutolink[, options] );
Using as a class:
var autolinker = new Autolinker( [ options ] );
var linkedText = autolinker.link( textToAutoLink );
Note: if using the same options to autolink multiple pieces of html/text, it is slightly more efficient to create a single Autolinker instance, and run the link() method repeatedly (i.e. use the "class" form above).
var linkedText = Autolinker.link( "Check out google.com", { className: "myLink" } );
// Produces: "Check out <a class="myLink myLink-url" href="http://google.com" target="_blank">google.com</a>"
These are the options which may be specified for linking. These are specified by providing an Object as the second parameter to Autolinker.link(). These include:
newWindow : Boolean
true
to have the links should open in a new window when clicked, false
otherwise. Defaults to true
.
urls : Boolean/Object
true
to have URLs auto-linked, false
to skip auto-linking of URLs.
Defaults to true
.
This option also accepts an Object form with 3 properties to allow for
more customization of what exactly gets linked. All default to true
:
true
to match URLs found prefixed with a scheme,
i.e. http://google.com
, or other+scheme://google.com
, false
to
prevent these types of matches.true
to match urls found prefixed with 'www.'
,
i.e. www.google.com
. false
to prevent these types of matches. Note
that if the URL had a prefixed scheme, and schemeMatches
is true, it
will still be linked.true
to match URLs with known top level domains (.com, .net,
etc.) that are not prefixed with a scheme or 'www.'
. Ex: google.com
,
asdf.org/?page=1
, etc. false
to prevent these types of matches.
Example usage: urls: { schemeMatches: true, wwwMatches: true, tldMatches: false }
email : Boolean
true
to have email addresses auto-linked, false
to skip auto-linking of
email addresses. Defaults to true
.
phone : Boolean
true
to have phone numbers auto-linked, false
to skip auto-linking of
phone numbers. Defaults to true
.
mention : String
A string for the service name to have mentions (@username) auto-linked to. Supported
values at this time are 'twitter', and 'instagram'. Pass false
to skip
auto-linking of mentions. Defaults to false
.
hashtag : Boolean/String
A string for the service name to have hashtags auto-linked to. Supported
values at this time are 'twitter', 'facebook' and 'instagram'. Pass false
to skip
auto-linking of hashtags. Defaults to false
.
stripPrefix : Boolean
true
to have the 'http://'
(or 'https://'
) and/or the 'www.'
stripped from the beginning of displayed links, false
otherwise.
Defaults to true
.
This option also accepts an Object form with 2 properties to allow for
more customization of what exactly is prevented from being displayed.
Both default to true
:
true
to prevent the scheme part of a URL match
from being displayed to the user. Example: 'http://google.com'
will be displayed as 'google.com'
. false
to not strip the
scheme. NOTE: Only an 'http://'
or 'https://'
scheme will be
removed, so as not to remove a potentially dangerous scheme (such
as 'file://'
or 'javascript:'
).true
to prevent the 'www.'
part of a URL match
from being displayed to the user. Ex: 'www.google.com'
will be
displayed as 'google.com'
. false
to not strip the 'www'
.stripTrailingSlash : Boolean
true
to remove the trailing slash from URL matches, false
to keep
the trailing slash. Example when true
: http://google.com/
will be
displayed as http://google.com
. Defaults to true
.
truncate : Number/Object
A number for how many characters long URLs/emails/Twitter handles/Twitter
hashtags should be truncated to inside the text of a link. If the match is
over the number of characters, it will be truncated to this length by
replacing the end of the string with a two period ellipsis ('..').
Example: a url like 'http://www.yahoo.com/some/long/path/to/a/file' truncated
to 25 characters may look like this: 'yahoo.com/some/long/pat..'
In the object form, both length
and location
may be specified to perform
truncation. Available options for location
are: 'end' (default), 'middle',
or 'smart'. Example usage:
truncate: { length: 32, location: 'middle' }
The 'smart' truncation option is for URLs where the algorithm attempts to strip out unnecessary parts of the URL (such as the 'www.', then URL scheme, hash, etc.) before trying to find a good point to insert the ellipsis if it is still too long. For details, see source code of: TruncateSmart
className : String
A CSS class name to add to the generated anchor tags. This class will be added
to all links, as well as this class plus "url"/"email"/"phone"/"hashtag"/"mention"/"twitter"/"instagram"
suffixes for styling url/email/phone/hashtag/mention links differently.
For example, if this config is provided as "myLink", then:
decodePercentEncoding: Boolean
true
to decode percent-encoded characters in URL matches, false
to keep
the percent-encoded characters.
Example when true
: https://en.wikipedia.org/wiki/San_Jos%C3%A9
will
be displayed as https://en.wikipedia.org/wiki/San_José
.
Defaults to true
.
replaceFn : Function
A function to use to programmatically make replacements of matches in the
input string, one at a time. See the section
Custom Replacement Function for
more details.
For example, if you wanted to disable links from opening in new windows, you could do:
var linkedText = Autolinker.link( "Check out google.com", { newWindow: false } );
// Produces: "Check out <a href="http://google.com">google.com</a>"
And if you wanted to truncate the length of URLs (while also not opening in a new window), you could do:
var linkedText = Autolinker.link( "http://www.yahoo.com/some/long/path/to/a/file", { truncate: 25, newWindow: false } );
// Produces: "<a href="http://www.yahoo.com/some/long/path/to/a/file">yahoo.com/some/long/pat..</a>"
One could update an entire DOM element that has unlinked text to auto-link them as such:
var myTextEl = document.getElementById( 'text' );
myTextEl.innerHTML = Autolinker.link( myTextEl.innerHTML );
Using the same pre-configured Autolinker instance in multiple locations of a codebase (usually by dependency injection):
var autolinker = new Autolinker( { newWindow: false, truncate: 25 } );
//...
autolinker.link( "Check out http://www.yahoo.com/some/long/path/to/a/file" );
// Produces: "Check out <a href="http://www.yahoo.com/some/long/path/to/a/file">yahoo.com/some/long/pat..</a>"
//...
autolinker.link( "Go to www.google.com" );
// Produces: "Go to <a href="http://www.google.com">google.com</a>"
A custom replacement function (replaceFn) may be provided to replace url/email/phone/mention/hashtag matches on an individual basis, based on the return from this function.
var input = "..."; // string with URLs, Email Addresses, Mentions (Twitter, Instagram), and Hashtags
var linkedText = Autolinker.link( input, {
replaceFn : function( match ) {
console.log( "href = ", match.getAnchorHref() );
console.log( "text = ", match.getAnchorText() );
switch( match.getType() ) {
case 'url' :
console.log( "url: ", match.getUrl() );
return true; // let Autolinker perform its normal anchor tag replacement
case 'email' :
var email = match.getEmail();
console.log( "email: ", email );
if( email === "my@own.address" ) {
return false; // don't auto-link this particular email address; leave as-is
} else {
return; // no return value will have Autolinker perform its normal anchor tag replacement (same as returning `true`)
}
case 'phone' :
console.log( "Phone Number: ", match.getNumber() );
return '<a href="http://newplace.to.link.phone.numbers.to/">' + match.getNumber() + '</a>';
case 'mention' :
console.log( "Mention: ", match.getMention() );
console.log( "Mention Service Name: ", match.getServiceName() );
return '<a href="http://newplace.to.link.mention.handles.to/">' + match.getMention() + '</a>';
case 'hashtag' :
console.log( "Hashtag: ", match.getHashtag() );
return '<a href="http://newplace.to.link.hashtag.handles.to/">' + match.getHashtag() + '</a>';
}
}
} );
var input = "..."; // string with URLs, Email Addresses, Mentions (Twitter, Instagram), and Hashtags
var linkedText = Autolinker.link( input, {
replaceFn : function( match ) {
console.log( "href = ", match.getAnchorHref() );
console.log( "text = ", match.getAnchorText() );
var tag = match.buildTag(); // returns an `Autolinker.HtmlTag` instance for an <a> tag
tag.setAttr( 'rel', 'nofollow' ); // adds a 'rel' attribute
tag.addClass( 'external-link' ); // adds a CSS class
tag.setInnerHtml( 'Click here!' ); // sets the inner html for the anchor tag
return tag;
}
} );
The replaceFn
is provided one argument:
A replacement of the match is made based on the return value of the function. The following return values may be provided:
undefined
), or true
(Boolean): Delegate back to
Autolinker to replace the match as it normally would.false
(Boolean): Do not replace the current match at all - leave as-is.The full API docs for Autolinker may be referenced at: http://gregjacobs.github.io/Autolinker.js/api/
http://gregjacobs.github.io/Autolinker.js/examples/live-example/
Pull requests definitely welcome.
gulp test
command to build/test (or alternatively, open the
tests/index.html
file to run the tests).dist/
folder after building/testing. These are only committed to the
repository for users downloading Autolinker via Bower. I will build
these files and assign them a version number when merging your PR.See Releases
FAQs
Utility to automatically link the URLs, email addresses, phone numbers, hashtags, and mentions (Twitter, Instagram) in a given block of text/HTML
We found that @closeio/autolinker demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.