Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
mobiledoc-dom-renderer
Advanced tools
This is a DOM renderer for the Mobiledoc format used by Mobiledoc-Kit.
To learn more about Mobiledoc cards and renderers, see the Mobiledoc Cards docs.
The renderer is a small library intended for use in browser clients.
var mobiledoc = {
version: "0.3.0",
markups: ["B"],
atoms: [],
cards: [],
sections: [
[1, 'P', [ // array of markers
// marker
[ 0, // marker type 0 (standard text)
[0], // open markups (by index)
0, // close count
'hello world'
]
]
]
};
var renderer = new MobiledocDOMRenderer({cards: []});
var rendered = renderer.render(mobiledoc);
var result = rendered.result;
document.getElementById('output').appendChild(result);
// renders <div><p><b>hello world</b></b></div>
// into 'output' element
The Renderer constructor accepts a single object with the following optional properties:
cards
[array] - The list of card objects that the renderer may encounter in the mobiledocatoms
[array] - The list of atom objects that the renderer may encounter in the mobiledoccardOptions
[object] - Options to pass to cards and atoms when they are renderedunknownCardHandler
[function] - Will be called when any unknown card is enounteredunknownAtomHandler
[function] - Will be called when any unknown atom is enounteredsectionElementRenderer
[object] - A map of hooks for section element rendering.
tagName, dom
markupElementRenderer
[object] - A map of hooks for inline element rendering.
tagName, dom, attributes={}
dom
[object] - A native or SimpleDOM
implementation of the DOM.The return value from renderer.render(mobiledoc)
is an object with two properties:
result
[DOM Node] - The rendered resultteardown
[function] - When called, this function will tear down the rendered mobiledoc and call any teardown handlers that were registered by cards when they were renderedIn a browser, rendering to HTML is simple:
var renderer = new MobiledocDOMRenderer();
var rendered = renderer.render(mobiledoc);
var html = rendered.result.outerHTML;
However on the server in Node.js, native DOM APIs are not available. To make server-rendering easy, this DOM renderer is SimpleDOM compatible. You may pass an instance of a SimpleDOM document and serialize its output. For example:
var renderer = new MobiledocDOMRenderer({
dom: new SimpleDOM.Document()
});
var rendered = renderer.render(mobiledoc);
var serializer = new SimpleDOM.HTMLSerializer([]);
var html = serializer.serializeChildren(rendered.result);
This usage of the DOM renderer for rendering HTML has the advantage of allowing developers to easily implement cards that work in a server and client context.
Use this renderer option to customize what element is used when rendering a section.
var renderer = new MobiledocDOMRenderer({
sectionElementRenderer: {
P: function(_, dom) { return dom.createElement('span'); },
H1: function(_, dom) { return dom.createElement('h2'); },
H2: function(tagName, dom) {
var element = dom.createElement(tagName);
element.setAttribute('class', 'subheadline');
return element;
}
/* Valid keys are P, H1, H2, H3, H4, H5, H6, BLOCKQUOTE, ASIDE */
}
});
var rendered = renderer.render(mobiledoc);
Use this renderer option to customize what inline tags are used when rendering a section's content.
var renderer = new MobiledocDOMRenderer({
markupElementRenderer: {
B: function(_, dom) { return dom.createElement('strong'); },
A: function(tagName, dom, attrs={}) {
let element = dom.createElement(tagName);
for (let attr in attrs) {
element.setAttribute(attr, attrs[attr]);
}
element.setAttribute('rel', 'nofollow');
return element;
}
}
});
var rendered = renderer.render(mobiledoc);
Mobiledoc DOM Renderer sanitizes the href
attribute of 'A' markups, prefixing
the string unsafe:
on potentially unsafe urls. It determines an environment-
appropriate URL protocol parser. In rare cases it may be unable to determine one
(this can happen when running the renderer in a Node VM Sandbox, like ember-cli-
fastboot does), and will throw in that case. To fix this, you can provide a
custom markupElementRenderer for the 'A' tag that will be used instead of the
default.
npm test
npm start
and open http://localhost:4200/testsnp
(install with npm install -g np
)np <version>
(e.g. np 0.5.2
)git push --tags
<small>0.7.2 (2022-08-12)</small>
<a name="0.7.1"></a>
FAQs
Renders Mobiledoc input to DOM output
The npm package mobiledoc-dom-renderer receives a total of 4,266 weekly downloads. As such, mobiledoc-dom-renderer popularity was classified as popular.
We found that mobiledoc-dom-renderer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.