Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

remark-react

Package Overview
Dependencies
Maintainers
1
Versions
23
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

remark-react

Compile Markdown to React with remark

  • 2.0.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
17K
increased by4.77%
Maintainers
1
Weekly downloads
 
Created
Source

remark-react

Build Status

remark-react compiles markdown to React. Built on remark, an extensively tested and pluggable parser.

Why? Using innerHTML and dangerouslySetInnerHTML in React.js is a common cause of XSS attacks: user input can include script tags and other kinds of active content that reaches across domains and harms security. remark-react builds a DOM in React, using React.createElement: this means that you can display parsed & formatted Markdown content in an application without using dangerouslySetInnerHTML.

Installation

npm:

npm install remark-react

Table of Contents

Programmatic

remark.use(react, options)

Parameters

  • react — This plugin;
  • options (Object?) — See below.

Let’s say example.js looks as follows:

var React = require('react'),
    remark = require('remark'),
    reactRenderer = require('remark-react');

var App = React.createClass({
    getInitialState() {
        return { text: '# hello world' };
    },
    onChange(e) {
        this.setState({ text: e.target.value });
    },
    render() {
        return (<div>
            <textarea
                value={this.state.text}
                onChange={this.onChange} />
            <div id='preview'>
                {remark().use(reactRenderer).process(this.state.text)}
            </div>
        </div>);
    }
});

React.render(<App />, document.getElementById('app'));

Configuration

All options, including the options object itself, are optional:

  • entities (true, 'numbers', or 'escape', default: true) — How to encode non-ASCII and HTML-escape characters: the default generates named entities (& > &amp;); 'numbers' generates numbered entities (& > &#x26;), and 'escape' only encodes characters which are required by HTML to be escaped: &, <, >, ", ', and `, leaving non-ASCII characters untouched.

  • sanitize (boolean, default: false) — Whether or not to allow the use of HTML inside markdown.

  • remarkReactComponents (object, default: undefined) — Provides a way to override default elements (<a>, <p>, etc) by defining an object comprised of element: Component key-value pairs. For example, to output <MyLink> components instead of <a>, and <MyParagraph> instead of <p>:

    remarkReactComponents: {
      a: MyLink,
      p: MyParagraph
    }
    

These can passed to remark.use() as a second argument.

You can define these in .remarkrc or package.json files too. An example .remarkrc file could look as follows:

{
  "plugins": {
    "react": {
        "sanitize": false,
        "xhtml": false,
        "entities": "numbers"
    }
  },
  "settings": {
    "commonmark": true
  }
}

Where the object at plugins.react are the options for remark-react. The object at settings determines how remark parses markdown code. Read more about the latter on remark’s readme.

CommonMark

You still need to set commonmark: true in remark’s options

CommonMark support is a goal but not (yet) a necessity. There are some (roughly 115 of 550, relating to inline precedence, lists, emphasis and strongness) issues which I’d like to cover in the future. Note that this sounds like a lot, but they have to do with obscure differences which do not often occur in the real world. Read more on some of the reasoning in doc/commonmark.md.

Integrations

remark-react works great with:

All remark nodes can be compiled to HTML. In addition, remark-react looks for an attributes object on each node it compiles and adds the found properties as HTML attributes on the compiled tag.

License

MIT © Titus Wormer, modified by Tom MacWright and Mapbox

Keywords

FAQs

Package last updated on 23 Feb 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc