Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

preact-parser

Package Overview
Dependencies
Maintainers
1
Versions
11
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

preact-parser - npm Package Compare versions

Comparing version 1.0.0 to 1.1.0

dist/index.d.ts
dist/index.es5.js

2

dist/model.d.ts

@@ -6,3 +6,3 @@ interface IElement {

tagRange: number[];
attributes?: object;
attributes?: any[];
textContent?: string;

@@ -9,0 +9,0 @@ childNodes?: IElement[];

10

package.json
{
"name": "preact-parser",
"version": "1.0.0",
"version": "1.1.0",
"repository": "git@github.com:jhukdev/preact-parser.git",

@@ -8,6 +8,7 @@ "author": "James Hill <contact@jameshill.dev>",

"private": false,
"main": "./dist/value.es5.js",
"types": "./dist/value.d.ts",
"main": "./dist/index.es5.js",
"types": "./dist/index.d.ts",
"keywords": [
"preact",
"parser",
"dangerouslySetInnerHTML",

@@ -18,3 +19,4 @@ "no danger",

"string",
"jsx"
"jsx",
"isomorphic"
],

@@ -21,0 +23,0 @@ "files": [

57

README.md
# preact-parser
COMING SOON
When dealing with HTML strings in Preact, our only real option is to use `dangerouslySetInnerHTML`. This is fine(-ish) if you 100% trust the contents of that HTML, but regardless, it opens up potential vectors for attack, problems and bugs. Ideally, we'd be able to sanitise, and convert this HTML into VDom nodes that can be natively rendered in the same manner as defined JSX or `h()` calls.
This lightweight package (**2KB** GZipped) accepts an HTML string (doesn't have to contain HTML, can be text), parses it, and returns a tree of VDom nodes ready to render by Preact. It can work both on the client (Dom Parser) and the server, so is ideal for isomorphic applications.
It automatically strips `<script />` tags, so you no longer have to worry about someone "accidentally" adding an `alert('Hello')` in your CMS / API of choice.
# Getting Started
Install with Yarn:
```bash
$ yarn add preact-parser
```
Install with NPM:
```bash
$ npm i preact-parser
```
# Using html()
`preact-parser` exports a single function, `html()`, that accepts a string of HTML or text, and can be used directly within your component trees. As mentioned above, in the browser it makes use of the native DOM parser, and on the server uses a tiny, efficient string parser.
For example:
```jsx
import { html } from 'preact-parser';
/*[...]*/
const htmlApiResponse = `
<p>Contrary to popular belief, Lorem Ipsum is not simply random text.</p>
<p>There are many variations of passages of Lorem Ipsum available</p>
<script>
alert('Gotcha!');
</script>
`;
/*[...]*/
function BlogContent() {
return <article class="content">{html(htmlApiResponse)}</article>;
}
```
When rendered, the above will output:
```html
<p>Contrary to popular belief, Lorem Ipsum is not simply random text.</p>
<p>There are many variations of passages of Lorem Ipsum available</p>
```
# Acknowledgement
The server side HTML string parser in this package takes inspiration from the fantastically fast `node-html-parser`. That package provides a full DOM representation, including methods, which was overkill for this. In order to keep the size of `preact-parser` to a minimum, we've made use of the excellent parsing function found there.
dist/value.d.ts
dist/value.es5.js
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc