Security News
JavaScript Leaders Demand Oracle Release the JavaScript Trademark
In an open letter, JavaScript community leaders urge Oracle to give up the JavaScript trademark, arguing that it has been effectively abandoned through nonuse.
remark-html
Advanced tools
The remark-html package is a plugin for the remark processor that allows you to convert Markdown content into HTML. It is part of the unified collective, which provides a suite of tools for processing and transforming content.
Convert Markdown to HTML
This feature allows you to convert Markdown content into HTML. The code sample demonstrates how to use the remark processor with the remark-html plugin to transform a Markdown string into HTML.
const remark = require('remark');
const html = require('remark-html');
remark()
.use(html)
.process('# Hello World!', function (err, file) {
if (err) throw err;
console.log(String(file));
});
Customizing HTML Output
This feature allows you to customize the HTML output. In this example, the `sanitize` option is set to `false`, which means that HTML tags in the Markdown content will not be sanitized and will be included in the output.
const remark = require('remark');
const html = require('remark-html');
remark()
.use(html, { sanitize: false })
.process('# Hello <em>World</em>!', function (err, file) {
if (err) throw err;
console.log(String(file));
});
markdown-it is a fast and flexible Markdown parser that can be extended with plugins. It provides similar functionality to remark-html by converting Markdown to HTML, but it is known for its speed and extensibility.
marked is a low-level Markdown compiler that allows for fast and efficient conversion of Markdown to HTML. It is similar to remark-html in its core functionality but is designed to be a simple and fast solution.
showdown is a bidirectional Markdown to HTML converter written in JavaScript. It offers similar functionality to remark-html but also supports converting HTML back to Markdown, providing more flexibility in content transformation.
remark plugin to serialize Markdown as HTML.
⚠️ This package essentially packs
remark-rehype
andrehype-stringify
, and although it does support some customisation, it isn’t very pluggable. It’s probably smarter to useremark-rehype
directly and benefit from the rehype ecosystem.
This plugin is ready for the new parser in remark
(remarkjs/remark#536
).
The current and previous version of the plugin works with the current and
previous version of remark.
npm:
npm install remark-html
Say we have the following file, example.md
:
# Hello & World
> A block quote.
* Some _emphasis_, **importance**, and `code`.
And our script, example.js
, looks as follows:
var fs = require('fs')
var unified = require('unified')
var markdown = require('remark-parse')
var html = require('remark-html')
unified()
.use(markdown)
.use(html)
.process(fs.readFileSync('example.md'), function (err, file) {
if (err) throw err
console.log(String(file))
})
Now, running node example
yields:
<h1>Hello & World</h1>
<blockquote>
<p>A block quote.</p>
</blockquote>
<ul>
<li>Some <em>emphasis</em>, <strong>importance</strong>, and <code>code</code>.</li>
</ul>
remark().use(html[, options])
Serialize Markdown as HTML.
options
All options except for sanitize
and handlers
are passed to
hast-util-to-html
.
options.handlers
Object mapping mdast nodes to functions handling them.
This option is passed to mdast-util-to-hast
.
options.sanitize
How to sanitize the output (Object
or boolean
, default: true
):
false
— HTML is not sanitized, dangerous HTML persiststrue
— HTML is sanitized according to GitHub’s sanitation rules,
dangerous HTML is droppedObject
— the object is treated as a schema
for how to sanitize with
hast-util-sanitize
, dangerous HTML is droppedNote that raw HTML in Markdown cannot be sanitized, so it’s removed. A schema can still be used to allow certain values from integrations though. To support HTML in Markdown, use
rehype-raw
.
For example, to add strict sanitation but allowing className
s, use something
like:
// ...
var merge = require('deepmerge')
var github = require('hast-util-sanitize/lib/github')
var schema = merge(github, {attributes: {'*': ['className']}})
remark()
.use(html, {sanitize: schema})
.processSync(/* … */)
remark-html
works great with:
remark-autolink-headings
— Automatically add links to headings in Markdownremark-github
— Generate references to GitHub issues, PRs, users, and moreremark-highlight.js
— Highlight code blocksremark-html-emoji-image
— Transform emoji unicodes into html imagesremark-html-katex
— Transform math to HTML with KaTeXremark-math
— Math support for Markdown (inline and block)remark-midas
— Highlight CSS code with midasremark-toc
— Generate a Tables of ContentsAll mdast nodes can be compiled to HTML.
Unknown mdast nodes are compiled to div
nodes if they have children
or
text
nodes if they have value
.
In addition, remark-html can be told how to compile nodes through
three data
properties (more information):
hName
— Tag name to compile ashChildren
— HTML content to add (instead of children
and value
), in
hast
hProperties
— Map of properties to addFor example, the following node:
{
type: 'emphasis',
data: {
hName: 'i',
hProperties: {className: 'foo'},
hChildren: [{type: 'text', value: 'bar'}]
},
children: [{type: 'text', value: 'baz'}]
}
…would yield:
<i class="foo">bar</i>
Use of remark-html
is unsafe by default and opens you up to a
cross-site scripting (XSS) attack.
Pass sanitize: true
to prevent attacks.
Settings sanitize
to anything else may be unsafe.
See contributing.md
in remarkjs/.github
for ways
to get started.
See support.md
for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
FAQs
remark plugin to compile Markdown to HTML
The npm package remark-html receives a total of 223,341 weekly downloads. As such, remark-html popularity was classified as popular.
We found that remark-html demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In an open letter, JavaScript community leaders urge Oracle to give up the JavaScript trademark, arguing that it has been effectively abandoned through nonuse.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.