rehype-raw
The rehype-raw npm package is a rehype plugin that parses raw HTML embedded in markdown content. It is particularly useful when you want to mix markdown with HTML and need the HTML to be processed as part of the rehype pipeline.
Parsing HTML inside Markdown
This code demonstrates how rehype-raw can be used to parse HTML tags embedded within Markdown content, allowing for complex content structures that mix Markdown and HTML seamlessly.
import {unified} from 'unified';
import markdown from 'remark-parse';
import remark2rehype from 'remark-rehype';
import raw from 'rehype-raw';
import html from 'rehype-stringify';

unified()
  .use(markdown)
  // Keep embedded HTML as raw nodes instead of dropping it; only for content you trust.
  .use(remark2rehype, {allowDangerousHtml: true})
  // Reparse the raw nodes into real hast element nodes.
  .use(raw)
  .use(html)
  .process('# Hello world!\n\n<div>**bold text** inside HTML</div>', function (err, file) {
    if (err) throw err;
    console.log(String(file));
  });
Like rehype-raw, rehype-sanitize is a rehype plugin, but it is used to clean the HTML in documents. While rehype-raw parses raw HTML for further processing, rehype-sanitize focuses on ensuring the HTML is safe from XSS attacks, providing a layer of security by filtering out unwanted HTML tags and attributes.
rehype plugin to parse the tree (and raw nodes) again, keeping positional info okay.
This package is a unified (rehype) plugin to parse a document again.
Understanding how it works requires knowledge of ASTs (specifically, hast).
This plugin passes each node and embedded raw HTML through an HTML parser (parse5), to recreate a tree exactly as a browser would parse it, while keeping the original data and positional info intact.
unified is a project that transforms content with abstract syntax trees (ASTs). rehype adds support for HTML to unified. hast is the HTML AST that rehype uses. This is a rehype plugin that parses the tree again.
This plugin is particularly useful when coming from markdown and wanting to support HTML embedded inside that markdown (which requires passing allowDangerousHtml: true to remark-rehype).
Markdown dictates how, say, a list item or emphasis can be parsed.
We can use that to turn the markdown syntax tree into an HTML syntax tree.
But markdown also dictates that things that look like HTML, are passed through
untouched, even when it just looks like XML but doesn’t really make sense, so we
can’t normally use these strings of “HTML” to create an HTML syntax tree.
This plugin can.
It can be used to take those strings of HTML and include them into the syntax
tree as actual nodes.
If your final result is HTML and you trust content, then “strings” are fine (you can pass allowDangerousHtml: true to rehype-stringify, which passes HTML through untouched).
But there are two main cases where a proper syntax tree is preferred:
This plugin is built on hast-util-raw, which does the work on syntax trees.
rehype focusses on making it easier to transform content by abstracting such
internals away.
This package is ESM only. In Node.js (version 12.20+, 14.14+, or 16.0+), install with npm:
npm install rehype-raw
In Deno with Skypack:
import rehypeRaw from 'https://cdn.skypack.dev/rehype-raw@6?dts'
In browsers with Skypack:
<script type="module">
import rehypeRaw from 'https://cdn.skypack.dev/rehype-raw@6?min'
</script>
Say we have the following markdown file example.md:
<div class="note">

A mix of *markdown* and <em>HTML</em>.

</div>
And our module example.js looks as follows:
import {read} from 'to-vfile'
import {unified} from 'unified'
import remarkParse from 'remark-parse'
import remarkRehype from 'remark-rehype'
import rehypeRaw from 'rehype-raw'
import rehypeDocument from 'rehype-document'
import rehypeFormat from 'rehype-format'
import rehypeStringify from 'rehype-stringify'

main()

async function main() {
  const file = await unified()
    .use(remarkParse)
    .use(remarkRehype, {allowDangerousHtml: true})
    .use(rehypeRaw)
    .use(rehypeDocument, {title: '🙌'})
    .use(rehypeFormat)
    .use(rehypeStringify)
    .process(await read('example.md'))

  console.log(String(file))
}
Now running node example.js yields:
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>🙌</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<div class="note">
<p>A mix of <em>markdown</em> and <em>HTML</em>.</p>
</div>
</body>
</html>
This package exports no identifiers.
The default export is rehypeRaw.
unified().use(rehypeRaw[, options])
Parse the tree (and raw nodes) again, keeping positional info okay.
options
Configuration (optional).
options.passThrough
This option is a bit advanced as it requires knowledge of ASTs, so we defer to the documentation available in hast-util-raw.
This package is fully typed with TypeScript.
It exports an Options type, which specifies the interface of the accepted options.
Projects maintained by the unified collective are compatible with all maintained versions of Node.js. As of now, that is Node.js 12.20+, 14.14+, and 16.0+. Our projects sometimes work with older versions, but this is not guaranteed.
This plugin works with rehype-parse version 1+, rehype-stringify version 1+, rehype version 1+, and unified version 4+.
The allowDangerousHtml option in remark-rehype is dangerous, so defer to that plugin on how to make it safe.
Otherwise, this plugin is safe.
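The following is an added example, not code from rehype-raw or rehype-sanitize. It shows why a tree-based check (and so a sanitizer such as rehype-sanitize) can only inspect embedded HTML after rehype-raw has turned raw strings into element nodes. The auditHast function and both hast trees are hypothetical and constructed for illustration.

```javascript
// Added example: auditHast and both sample trees are constructed for illustration.
// It is a review aid, not a replacement for rehype-sanitize.
const URL_PROPS = new Set(['href', 'src', 'action', 'formAction'])

function auditHast(tree) {
  const findings = []
  const visit = (node, path) => {
    if (node.type === 'raw') {
      // Still an opaque string: a tree-based check cannot see inside it.
      findings.push({path, issue: 'unparsed raw HTML'})
    } else if (node.type === 'element') {
      if (node.tagName === 'script') findings.push({path, issue: 'script element'})
      for (const [name, value] of Object.entries(node.properties || {})) {
        if (/^on[a-z]/i.test(name)) {
          findings.push({path, issue: `event handler ${name}`})
        }
        if (URL_PROPS.has(name) && /^\s*javascript:/i.test(String(value))) {
          findings.push({path, issue: `javascript: URL in ${name}`})
        }
      }
    }
    for (const [i, child] of (node.children || []).entries()) {
      visit(child, `${path}/${i}`)
    }
  }
  visit(tree, 'root')
  return findings
}

// Constructed: what remark-rehype emits with allowDangerousHtml: true (HTML kept as a raw node).
const beforeRaw = {type: 'root', children: [
  {type: 'element', tagName: 'p', properties: {}, children: [
    {type: 'text', value: 'Hi '},
    {type: 'raw', value: '<img src="x" onerror="alert(1)">'}
  ]}
]}

// Constructed: the same content after rehype-raw reparsed it into an element node.
const afterRaw = {type: 'root', children: [
  {type: 'element', tagName: 'p', properties: {}, children: [
    {type: 'text', value: 'Hi '},
    {type: 'element', tagName: 'img', properties: {src: 'x', onError: 'alert(1)'}, children: []}
  ]}
]}

console.log(auditHast(beforeRaw))
console.log(auditHast(afterRaw))
```

Before reparsing, the only thing the walker can report is that an uninspectable raw node exists; after reparsing, it can name the event-handler property on the img element.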
See contributing.md in rehypejs/.github for ways to get started.
See support.md for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
FAQs
rehype plugin to reparse the tree (and raw nodes)
The npm package rehype-raw receives a total of 1,194,353 weekly downloads. As such, rehype-raw's popularity was classified as popular.
We found that rehype-raw demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.