rehype-sanitize
Comparing version 4.0.0 to 5.0.0
index.js
@@ -1,12 +0,18 @@ | ||
'use strict' | ||
/** | ||
* @typedef {import('hast').Root} Root | ||
* @typedef {import('hast-util-sanitize').Schema} Options | ||
*/ | ||
var clean = require('hast-util-sanitize') | ||
import {sanitize as hastUtilSanitize, defaultSchema} from 'hast-util-sanitize' | ||
module.exports = sanitize | ||
export {defaultSchema} | ||
function sanitize(options) { | ||
return transformer | ||
function transformer(tree) { | ||
return clean(tree, options) | ||
} | ||
/** | ||
* Plugin to sanitize HTML. | ||
* | ||
* @type {import('unified').Plugin<[Options?] | void[], Root, Root>} | ||
*/ | ||
export default function rehypeSanitize(options = defaultSchema) { | ||
// @ts-expect-error: assume input `root` matches output root. | ||
return (tree) => hastUtilSanitize(tree, options) | ||
} |
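Review bot: The JSDoc on `rehypeSanitize` says only "Plugin to sanitize HTML." and does not document `options`, although the new signature makes `defaultSchema` the fallback and the same object is re-exported by `export {defaultSchema}`. Nothing visible in this section freezes or copies that object, so a consumer who mutates the export in place, rather than building a merged copy as the readme example does with `deepmerge`, would presumably change the allow-list for every later call that relies on the default. I would add a line such as `@param {Options} [options=defaultSchema] Allow-list schema; extend a copy of defaultSchema, never mutate the shared export.` to the doc block. It would also help to state there that the schema lists what is kept, so every addition a caller makes widens what passes through to the output.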
{ | ||
"name": "rehype-sanitize", | ||
"version": "4.0.0", | ||
"version": "5.0.0", | ||
"description": "rehype plugin to sanitize HTML", | ||
@@ -26,39 +26,38 @@ "license": "MIT", | ||
], | ||
"types": "types/index.d.ts", | ||
"sideEffects": false, | ||
"type": "module", | ||
"main": "index.js", | ||
"types": "index.d.ts", | ||
"files": [ | ||
"types/index.d.ts", | ||
"index.d.ts", | ||
"index.js" | ||
], | ||
"dependencies": { | ||
"hast-util-sanitize": "^3.0.0" | ||
"@types/hast": "^2.0.0", | ||
"hast-util-sanitize": "^4.0.0", | ||
"unified": "^10.0.0" | ||
}, | ||
"devDependencies": { | ||
"browserify": "^16.0.0", | ||
"@types/tape": "^4.0.0", | ||
"browserify": "^17.0.0", | ||
"c8": "^7.0.0", | ||
"deepmerge": "^4.0.0", | ||
"dtslint": "^3.0.0", | ||
"nyc": "^15.0.0", | ||
"prettier": "^2.0.0", | ||
"rehype": "^11.0.0", | ||
"remark-cli": "^8.0.0", | ||
"remark-preset-wooorm": "^7.0.0", | ||
"rehype": "^12.0.0", | ||
"remark-cli": "^9.0.0", | ||
"remark-preset-wooorm": "^8.0.0", | ||
"rimraf": "^3.0.0", | ||
"tape": "^5.0.0", | ||
"tinyify": "^3.0.0", | ||
"xo": "^0.33.0" | ||
"type-coverage": "^2.0.0", | ||
"typescript": "^4.0.0", | ||
"xo": "^0.42.0" | ||
}, | ||
"scripts": { | ||
"format": "remark . -qfo && prettier . --write && xo --fix", | ||
"build-bundle": "browserify index.js -s rehypeSanitize > rehype-sanitize.js", | ||
"build-mangle": "browserify index.js -s rehypeSanitize -p tinyify > rehype-sanitize.min.js", | ||
"build": "npm run build-bundle && npm run build-mangle", | ||
"test-api": "node test", | ||
"test-coverage": "nyc --reporter lcov tape test.js", | ||
"test-types": "dtslint types", | ||
"test": "npm run format && npm run build && npm run test-coverage && npm run test-types" | ||
"build": "rimraf \"*.d.ts\" && tsc && type-coverage", | ||
"format": "remark . -qfo && prettier . -w --loglevel warn && xo --fix", | ||
"test-api": "node --conditions development test.js", | ||
"test-coverage": "c8 --check-coverage --branches 100 --functions 100 --lines 100 --statements 100 --reporter lcov node --conditions development test.js", | ||
"test": "npm run build && npm run format && npm run test-coverage" | ||
}, | ||
"nyc": { | ||
"check-coverage": true, | ||
"lines": 100, | ||
"functions": 100, | ||
"branches": 100 | ||
}, | ||
"prettier": { | ||
@@ -74,9 +73,4 @@ "tabWidth": 2, | ||
"prettier": true, | ||
"esnext": false, | ||
"rules": { | ||
"unicorn/string-content": "off", | ||
"import/no-extraneous-dependencies": "off" | ||
}, | ||
"ignores": [ | ||
"rehype-sanitize.js" | ||
"types/" | ||
] | ||
@@ -88,3 +82,9 @@ }, | ||
] | ||
}, | ||
"typeCoverage": { | ||
"atLeast": 100, | ||
"detail": true, | ||
"strict": true, | ||
"ignoreCatch": true | ||
} | ||
} |
@@ -15,2 +15,5 @@ # rehype-sanitize | ||
This package is [ESM only](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c): | ||
Node 12+ is needed to use it and it must be `import`ed instead of `require`d. | ||
[npm][]: | ||
@@ -40,18 +43,18 @@ | ||
And our script, `example.js`, looks as follows: | ||
And our module, `example.js`, looks as follows: | ||
```js | ||
var fs = require('fs') | ||
var rehype = require('rehype') | ||
var merge = require('deepmerge') | ||
var gh = require('hast-util-sanitize/lib/github') | ||
var sanitize = require('rehype-sanitize') | ||
import fs from 'node:fs' | ||
import {rehype} from 'rehype' | ||
import deepmerge from 'deepmerge' | ||
import rehypeSanitize, {defaultSchema} from 'rehype-sanitize' | ||
var schema = merge(gh, {tagNames: ['math', 'mi']}) | ||
const schema = deepmerge(defaultSchema, {tagNames: ['math', 'mi']}) | ||
const buf = fs.readFileSync('index.html') | ||
rehype() | ||
.data('settings', {fragment: true}) | ||
.use(sanitize, schema) | ||
.process(fs.readFileSync('index.html'), function(err, file) { | ||
if (err) throw err | ||
.use(rehypeSanitize, schema) | ||
.process(buf) | ||
.then((file) => { | ||
console.log(String(file)) | ||
@@ -76,4 +79,7 @@ }) | ||
### `rehype().use(sanitize[, schema])` | ||
This package exports the following identifiers: `defaultSchema`. | ||
The default export is `rehypeSanitize`. | ||
### `unified().use(rehypeSanitize[, schema])` | ||
Remove potentially dangerous things from HTML, or more correct: keep only the | ||
@@ -86,2 +92,3 @@ safe things in a document. | ||
The schema is documented in [`hast-util-sanitize`][schema]. | ||
The default schema is exported as `defaultSchema`. | ||
@@ -118,5 +125,5 @@ ## Security | ||
[build-badge]: https://img.shields.io/travis/rehypejs/rehype-sanitize.svg | ||
[build-badge]: https://github.com/rehypejs/rehype-sanitize/workflows/main/badge.svg | ||
[build]: https://travis-ci.org/rehypejs/rehype-sanitize | ||
[build]: https://github.com/rehypejs/rehype-sanitize/actions | ||
@@ -123,0 +130,0 @@ [coverage-badge]: https://img.shields.io/codecov/c/github/rehypejs/rehype-sanitize.svg |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
+ Added @types/hast@^2.0.0
+ Added unified@^10.0.0
+ Added @types/hast@2.3.10 (transitive)
+ Added @types/unist@2.0.11 (transitive)
+ Added bail@2.0.2 (transitive)
+ Added extend@3.0.2 (transitive)
+ Added hast-util-sanitize@4.1.0 (transitive)
+ Added is-buffer@2.0.5 (transitive)
+ Added is-plain-obj@4.1.0 (transitive)
+ Added trough@2.2.0 (transitive)
+ Added unified@10.1.2 (transitive)
+ Added unist-util-stringify-position@3.0.3 (transitive)
+ Added vfile@5.3.7 (transitive)
+ Added vfile-message@3.1.4 (transitive)
- Removed hast-util-sanitize@3.0.2 (transitive)
- Removed xtend@4.0.2 (transitive)
Updated hast-util-sanitize@^4.0.0