micromark-extension-gfm-tagfilter
Advanced tools
Comparing version 0.3.0 to 1.0.0
46
index.js
@@ -1,1 +0,45 @@ | ||
| module.exports = require('./html') | ||
| /** | ||
| * @typedef {import('micromark-util-types').HtmlExtension} HtmlExtension | ||
| * @typedef {import('micromark-util-types').Token} Token | ||
| * @typedef {import('micromark-util-types').CompileContext} CompileContext | ||
| */ | ||
| /** | ||
| * An opening or closing tag, followed by a case-insensitive specific tag name, | ||
| * followed by HTML whitespace, a greater than, or a slash. | ||
| */ | ||
| const reFlow = | ||
| /<(\/?)(iframe|noembed|noframes|plaintext|script|style|title|textarea|xmp)(?=[\t\n\f\r />])/gi | ||
| /** | ||
| * As HTML (text) parses tags separately (and v. strictly), we don’t need to be | ||
| * global. | ||
| */ | ||
| const reText = new RegExp('^' + reFlow.source, 'i') | ||
| /** @type {HtmlExtension} */ | ||
| export const gfmTagfilterHtml = { | ||
| exit: { | ||
| htmlFlowData(token) { | ||
| exitHtmlData.call(this, token, reFlow) | ||
| }, | ||
| htmlTextData(token) { | ||
| exitHtmlData.call(this, token, reText) | ||
| } | ||
| } | ||
| } | ||
| /** | ||
| * @this {CompileContext} | ||
| * @param {Token} token | ||
| * @param {RegExp} filter | ||
| */ | ||
| function exitHtmlData(token, filter) { | ||
| let value = this.sliceSerialize(token) | ||
| if (this.options.allowDangerousHtml) { | ||
| value = value.replace(filter, '<$1$2') | ||
| } | ||
| this.raw(this.encode(value)) | ||
| } |
| { | ||
| "name": "micromark-extension-gfm-tagfilter", | ||
| "version": "0.3.0", | ||
| "version": "1.0.0", | ||
| "description": "micromark extension to support GFM tagfilter", | ||
@@ -28,28 +28,33 @@ "license": "MIT", | ||
| ], | ||
| "sideEffects": false, | ||
| "type": "module", | ||
| "main": "index.js", | ||
| "types": "index.d.ts", | ||
| "files": [ | ||
| "index.js", | ||
| "html.js" | ||
| "index.d.ts", | ||
| "index.js" | ||
| ], | ||
| "dependencies": {}, | ||
| "dependencies": { | ||
| "micromark-util-types": "^1.0.0" | ||
| }, | ||
| "devDependencies": { | ||
| "micromark": "~2.6.0", | ||
| "nyc": "^15.0.0", | ||
| "@types/tape": "^4.0.0", | ||
| "c8": "^7.0.0", | ||
| "micromark": "^3.0.0", | ||
| "prettier": "^2.0.0", | ||
| "remark-cli": "^8.0.0", | ||
| "remark-preset-wooorm": "^7.0.0", | ||
| "remark-cli": "^9.0.0", | ||
| "remark-preset-wooorm": "^8.0.0", | ||
| "rimraf": "^3.0.0", | ||
| "tape": "^5.0.0", | ||
| "xo": "^0.33.0" | ||
| "type-coverage": "^2.0.0", | ||
| "typescript": "^4.0.0", | ||
| "xo": "^0.40.0" | ||
| }, | ||
| "scripts": { | ||
| "build": "rimraf \"test/**/*.d.ts\" \"*.d.ts\" && tsc && type-coverage", | ||
| "format": "remark . -qfo && prettier . -w --loglevel warn && xo --fix", | ||
| "test-api": "node test", | ||
| "test-coverage": "nyc --reporter lcov tape test/index.js", | ||
| "test": "npm run format && npm run test-coverage" | ||
| "test-api": "node --conditions development test/index.js", | ||
| "test-coverage": "c8 --check-coverage --branches 100 --functions 100 --lines 100 --statements 100 --reporter lcov node --conditions development test/index.js", | ||
| "test": "npm run build && npm run format && npm run test-coverage" | ||
| }, | ||
| "nyc": { | ||
| "check-coverage": true, | ||
| "lines": 100, | ||
| "functions": 100, | ||
| "branches": 100 | ||
| }, | ||
| "prettier": { | ||
@@ -65,3 +70,5 @@ "tabWidth": 2, | ||
| "prettier": true, | ||
| "esnext": false | ||
| "rules": { | ||
| "unicorn/prefer-node-protocol": "off" | ||
| } | ||
| }, | ||
@@ -72,3 +79,9 @@ "remarkConfig": { | ||
| ] | ||
| }, | ||
| "typeCoverage": { | ||
| "atLeast": 100, | ||
| "detail": true, | ||
| "strict": true, | ||
| "ignoreCatch": true | ||
| } | ||
| } |
@@ -12,11 +12,18 @@ # micromark-extension-gfm-tagfilter | ||
| **[micromark][]** extension to support GitHub flavored markdown [tag filter][]. | ||
| This syntax extension matches the GFM spec and github.com. | ||
| This extension matches the GFM spec and github.com. | ||
| The [tag filter][] is a rather naïve attempt at XSS protection. | ||
| It’s much better to use a proper HTML sanitizing algorithm. | ||
| This package provides the low-level modules for integrating with the micromark | ||
| tokenizer and the micromark HTML compiler. | ||
| ## When to use this | ||
| You should probably use [`micromark-extension-gfm`][micromark-extension-gfm], | ||
| which combines this package with other GFM features, instead. | ||
| If for some weird reason you *have* to match GHs tagfilter, but not all the | ||
| other GFM parts, use this package. | ||
| ## Install | ||
| This package is [ESM only](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c): | ||
| Node 12+ is needed to use it and it must be `import`ed instead of `require`d. | ||
| [npm][]: | ||
@@ -28,11 +35,32 @@ | ||
| ## Use | ||
| ```js | ||
| import {micromark} from 'micromark' | ||
| import {gfmTagfilterHtml} from 'micromark-extension-gfm-tagfilter' | ||
| const output = micromark('XSS! <script>alert(1)</script>', { | ||
| allowDangerousHtml: true, | ||
| htmlExtensions: [gfmTagfilterHtml] | ||
| }) | ||
| console.log(output) | ||
| ``` | ||
| Yields: | ||
| ```html | ||
| <p>XSS! <script>alert(1)</script></p> | ||
| ``` | ||
| ## API | ||
| ### `html` | ||
| This package exports the following identifiers: `gfmTagfilterHtml`. | ||
| There is no default export. | ||
| > Note: `html` is the default export. | ||
| ### `gfmTagfilterHtml` | ||
| Support a [tag filter][] (protection against script, plaintext, etc). | ||
| The export is an extension for the default HTML compiler (to escape certain | ||
| tag names; can be passed in `htmlExtensions`). | ||
| The export is an extension for the micromark compiler to escape certain tag | ||
| names (can be passed in `htmlExtensions`). | ||
@@ -45,2 +73,6 @@ ## Related | ||
| — the smallest commonmark-compliant markdown parser that exists | ||
| * [`micromark/micromark-extension-gfm`][micromark-extension-gfm] | ||
| — micromark extension combining this with other GFM features | ||
| * [`syntax-tree/mdast-util-gfm`](https://github.com/syntax-tree/mdast-util-gfm) | ||
| — mdast utility to support GFM | ||
| * [`syntax-tree/mdast-util-from-markdown`][from-markdown] | ||
@@ -67,5 +99,5 @@ — mdast parser using `micromark` to create mdast from markdown | ||
| [build-badge]: https://img.shields.io/travis/micromark/micromark-extension-gfm-tagfilter.svg | ||
| [build-badge]: https://github.com/micromark/micromark-extension-gfm-tagfilter/workflows/main/badge.svg | ||
| [build]: https://travis-ci.org/micromark/micromark-extension-gfm-tagfilter | ||
| [build]: https://github.com/micromark/micromark-extension-gfm-tagfilter/actions | ||
@@ -92,3 +124,3 @@ [coverage-badge]: https://img.shields.io/codecov/c/github/micromark/micromark-extension-gfm-tagfilter.svg | ||
| [chat]: https://github.com/micromark/unist/discussions | ||
| [chat]: https://github.com/micromark/micromark/discussions | ||
@@ -116,1 +148,3 @@ [npm]: https://docs.npmjs.com/cli/install | ||
| [tag filter]: https://github.github.com/gfm/#disallowed-raw-html-extension- | ||
| [micromark-extension-gfm]: https://github.com/micromark/micromark-extension-gfm |
Fixed alerts
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by30.32%
9270
- Lines of code
- increased by83.33%
44
- Number of low quality alerts
- decreased by-100%
0
- Number of lines in readme file
- increased by30.63%
145
- Is type module
Yes
Worsened metrics
- Dependency count
- increased byInfinity%
1
- Dev dependency count
- increased by57.14%
11
Dependency changes
+ Addedmicromark-util-types@^1.0.0
+ Addedmicromark-util-types@1.1.0(transitive)