micromark-extension-gfm-tagfilter
Comparing version 0.3.0 to 1.0.0
46
index.js
@@ -1,1 +0,45 @@ | ||
module.exports = require('./html') | ||
/** | ||
* @typedef {import('micromark-util-types').HtmlExtension} HtmlExtension | ||
* @typedef {import('micromark-util-types').Token} Token | ||
* @typedef {import('micromark-util-types').CompileContext} CompileContext | ||
*/ | ||
/** | ||
* An opening or closing tag, followed by a case-insensitive specific tag name, | ||
* followed by HTML whitespace, a greater than, or a slash. | ||
*/ | ||
const reFlow = | ||
/<(\/?)(iframe|noembed|noframes|plaintext|script|style|title|textarea|xmp)(?=[\t\n\f\r />])/gi | ||
/** | ||
* As HTML (text) parses tags separately (and v. strictly), we don’t need to be | ||
* global. | ||
*/ | ||
const reText = new RegExp('^' + reFlow.source, 'i') | ||
/** @type {HtmlExtension} */ | ||
export const gfmTagfilterHtml = { | ||
exit: { | ||
htmlFlowData(token) { | ||
exitHtmlData.call(this, token, reFlow) | ||
}, | ||
htmlTextData(token) { | ||
exitHtmlData.call(this, token, reText) | ||
} | ||
} | ||
} | ||
/** | ||
* @this {CompileContext} | ||
* @param {Token} token | ||
* @param {RegExp} filter | ||
*/ | ||
function exitHtmlData(token, filter) { | ||
let value = this.sliceSerialize(token) | ||
if (this.options.allowDangerousHtml) { | ||
value = value.replace(filter, '<$1$2') | ||
} | ||
this.raw(this.encode(value)) | ||
} |
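Review bot: The `if (this.options.allowDangerousHtml)` branch in `exitHtmlData` has no comment saying why the filter runs only when dangerous HTML is allowed, so at first read it looks as if the safe configuration skips the protection. Presumably `this.encode` escapes the whole value when the option is off, which this file does not show, so a why-comment would help: `// Only needed when raw HTML passes through; with the option off, encode() is expected to escape every "<" (confirm against micromark).` The JSDoc above the function carries types only. It should add one sentence saying that only the nine tag names listed in `reFlow` are neutralised and every other piece of raw HTML is emitted unchanged, so callers that set `allowDangerousHtml` still need an HTML sanitizer downstream.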
{ | ||
"name": "micromark-extension-gfm-tagfilter", | ||
"version": "0.3.0", | ||
"version": "1.0.0", | ||
"description": "micromark extension to support GFM tagfilter", | ||
@@ -28,28 +28,33 @@ "license": "MIT", | ||
], | ||
"sideEffects": false, | ||
"type": "module", | ||
"main": "index.js", | ||
"types": "index.d.ts", | ||
"files": [ | ||
"index.js", | ||
"html.js" | ||
"index.d.ts", | ||
"index.js" | ||
], | ||
"dependencies": {}, | ||
"dependencies": { | ||
"micromark-util-types": "^1.0.0" | ||
}, | ||
"devDependencies": { | ||
"micromark": "~2.6.0", | ||
"nyc": "^15.0.0", | ||
"@types/tape": "^4.0.0", | ||
"c8": "^7.0.0", | ||
"micromark": "^3.0.0", | ||
"prettier": "^2.0.0", | ||
"remark-cli": "^8.0.0", | ||
"remark-preset-wooorm": "^7.0.0", | ||
"remark-cli": "^9.0.0", | ||
"remark-preset-wooorm": "^8.0.0", | ||
"rimraf": "^3.0.0", | ||
"tape": "^5.0.0", | ||
"xo": "^0.33.0" | ||
"type-coverage": "^2.0.0", | ||
"typescript": "^4.0.0", | ||
"xo": "^0.40.0" | ||
}, | ||
"scripts": { | ||
"build": "rimraf \"test/**/*.d.ts\" \"*.d.ts\" && tsc && type-coverage", | ||
"format": "remark . -qfo && prettier . -w --loglevel warn && xo --fix", | ||
"test-api": "node test", | ||
"test-coverage": "nyc --reporter lcov tape test/index.js", | ||
"test": "npm run format && npm run test-coverage" | ||
"test-api": "node --conditions development test/index.js", | ||
"test-coverage": "c8 --check-coverage --branches 100 --functions 100 --lines 100 --statements 100 --reporter lcov node --conditions development test/index.js", | ||
"test": "npm run build && npm run format && npm run test-coverage" | ||
}, | ||
"nyc": { | ||
"check-coverage": true, | ||
"lines": 100, | ||
"functions": 100, | ||
"branches": 100 | ||
}, | ||
"prettier": { | ||
@@ -65,3 +70,5 @@ "tabWidth": 2, | ||
"prettier": true, | ||
"esnext": false | ||
"rules": { | ||
"unicorn/prefer-node-protocol": "off" | ||
} | ||
}, | ||
@@ -72,3 +79,9 @@ "remarkConfig": { | ||
] | ||
}, | ||
"typeCoverage": { | ||
"atLeast": 100, | ||
"detail": true, | ||
"strict": true, | ||
"ignoreCatch": true | ||
} | ||
} |
@@ -12,11 +12,18 @@ # micromark-extension-gfm-tagfilter | ||
**[micromark][]** extension to support GitHub flavored markdown [tag filter][]. | ||
This syntax extension matches the GFM spec and github.com. | ||
This extension matches the GFM spec and github.com. | ||
The [tag filter][] is a rather naïve attempt at XSS protection. | ||
It’s much better to use a proper HTML sanitizing algorithm. | ||
This package provides the low-level modules for integrating with the micromark | ||
tokenizer and the micromark HTML compiler. | ||
## When to use this | ||
You should probably use [`micromark-extension-gfm`][micromark-extension-gfm], | ||
which combines this package with other GFM features, instead. | ||
If for some weird reason you *have* to match GHs tagfilter, but not all the | ||
other GFM parts, use this package. | ||
## Install | ||
This package is [ESM only](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c): | ||
Node 12+ is needed to use it and it must be `import`ed instead of `require`d. | ||
[npm][]: | ||
@@ -28,11 +35,32 @@ | ||
## Use | ||
```js | ||
import {micromark} from 'micromark' | ||
import {gfmTagfilterHtml} from 'micromark-extension-gfm-tagfilter' | ||
const output = micromark('XSS! <script>alert(1)</script>', { | ||
allowDangerousHtml: true, | ||
htmlExtensions: [gfmTagfilterHtml] | ||
}) | ||
console.log(output) | ||
``` | ||
Yields: | ||
```html | ||
<p>XSS! <script>alert(1)</script></p> | ||
``` | ||
## API | ||
### `html` | ||
This package exports the following identifiers: `gfmTagfilterHtml`. | ||
There is no default export. | ||
> Note: `html` is the default export. | ||
### `gfmTagfilterHtml` | ||
Support a [tag filter][] (protection against script, plaintext, etc). | ||
The export is an extension for the default HTML compiler (to escape certain | ||
tag names; can be passed in `htmlExtensions`). | ||
The export is an extension for the micromark compiler to escape certain tag | ||
names (can be passed in `htmlExtensions`). | ||
@@ -45,2 +73,6 @@ ## Related | ||
— the smallest commonmark-compliant markdown parser that exists | ||
* [`micromark/micromark-extension-gfm`][micromark-extension-gfm] | ||
— micromark extension combining this with other GFM features | ||
* [`syntax-tree/mdast-util-gfm`](https://github.com/syntax-tree/mdast-util-gfm) | ||
— mdast utility to support GFM | ||
* [`syntax-tree/mdast-util-from-markdown`][from-markdown] | ||
@@ -67,5 +99,5 @@ — mdast parser using `micromark` to create mdast from markdown | ||
[build-badge]: https://img.shields.io/travis/micromark/micromark-extension-gfm-tagfilter.svg | ||
[build-badge]: https://github.com/micromark/micromark-extension-gfm-tagfilter/workflows/main/badge.svg | ||
[build]: https://travis-ci.org/micromark/micromark-extension-gfm-tagfilter | ||
[build]: https://github.com/micromark/micromark-extension-gfm-tagfilter/actions | ||
@@ -92,3 +124,3 @@ [coverage-badge]: https://img.shields.io/codecov/c/github/micromark/micromark-extension-gfm-tagfilter.svg | ||
[chat]: https://github.com/micromark/unist/discussions | ||
[chat]: https://github.com/micromark/micromark/discussions | ||
@@ -116,1 +148,3 @@ [npm]: https://docs.npmjs.com/cli/install | ||
[tag filter]: https://github.github.com/gfm/#disallowed-raw-html-extension- | ||
[micromark-extension-gfm]: https://github.com/micromark/micromark-extension-gfm |
No v1
Quality: Package is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
+ Added micromark-util-types@^1.0.0
+ Added micromark-util-types@1.1.0 (transitive)