Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

remark-vdom

Package Overview
Dependencies
Maintainers
2
Versions
21
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

remark-vdom

remark plugin to compile Markdown to VDOM

  • 9.0.1
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
2.7K
increased by96.6%
Maintainers
2
Weekly downloads
 
Created
Source

remark-vdom

Build Coverage Downloads Size Sponsors Backers Chat

remark plugin to compile Markdown to Virtual DOM.

  • Inherently safe and sanitized: there is no way to pass raw HTML through
  • Supports footnotes, todo lists
  • Support VNode keys
  • Custom components overwriting default elements (MyLink instead of <a>)

Install

npm:

npm install remark-vdom

Use

Say we have the following file, example.js:

var unified = require('unified')
var markdown = require('remark-parse')
var vdom = require('remark-vdom')

unified()
  .use(markdown)
  .use(vdom)
  .process('Some _emphasis_, **importance**, and `code`.', function(err, file) {
    if (err) throw err
    console.dir(file.result, {depth: null})
  })

Now, running node example yields:

VirtualNode {
  tagName: 'DIV',
  properties: { key: undefined },
  children: [
    VirtualNode {
      tagName: 'P',
      properties: { key: undefined },
      children: [
        VirtualText { text: 'Some ' },
        VirtualNode {
          tagName: 'EM',
          properties: { key: undefined },
          children: [ VirtualText { text: 'emphasis' } ],
          key: 'h-3',
          namespace: null,
          count: 1,
          hasWidgets: false,
          hasThunks: false,
          hooks: undefined,
          descendantHooks: false
        },
        VirtualText { text: ', ' },
        VirtualNode {
          tagName: 'STRONG',
          properties: { key: undefined },
          children: [ VirtualText { text: 'importance' } ],
          key: 'h-4',
          namespace: null,
          count: 1,
          hasWidgets: false,
          hasThunks: false,
          hooks: undefined,
          descendantHooks: false
        },
        VirtualText { text: ', and ' },
        VirtualNode {
          tagName: 'CODE',
          properties: { key: undefined },
          children: [ VirtualText { text: 'code' } ],
          key: 'h-5',
          namespace: null,
          count: 1,
          hasWidgets: false,
          hasThunks: false,
          hooks: undefined,
          descendantHooks: false
        },
        VirtualText { text: '.' }
      ],
      key: 'h-2',
      namespace: null,
      count: 10,
      hasWidgets: false,
      hasThunks: false,
      hooks: undefined,
      descendantHooks: false
    }
  ],
  key: 'h-1',
  namespace: null,
  count: 11,
  hasWidgets: false,
  hasThunks: false,
  hooks: undefined,
  descendantHooks: false
}

API

remark().use(vdom[, options])

Compile Markdown to Virtual DOM.

ℹ️ In unified@9.0.0, the result of .process changed from file.contents to file.result.

options
options.sanitize

How to sanitize the output (Object or boolean, default: null).

Sanitation is done by hast-util-sanitize, except when false is given. If an object is passed in, it’s given as a schema to sanitize. By default, input is sanitized according to GitHub’s sanitation rules.

Embedded HTML is always stripped.

For example, by default classNames are stripped. To keep them in, use something like:

var merge = require('deepmerge')
var gh = require('hast-util-sanitize/lib/github')

var schema = merge(gh, {attributes: {'*': ['className']}})

var vtree = remark()
  .use(vdom, {sanitize: schema})
  .processSync(/* ... */)
options.prefix

Optimization hint (string, default: h-).

options.h

Hyperscript to use (Function, default: require('virtual-dom/h')).

options.components

Map of tag names to custom components (Object.<Function>, optional). That component is invoked with tagName, props, and children. It can return any VDOM compatible value (such as VNode, VText, Widget). For example:

var components = {code: code}

function code(tagName, props, children) {
  // Ensure a default programming language is set.
  if (!props.className) {
    props.className = 'language-js'
  }

  return h(tagName, props, children)
}

Integrations

Integrates with the same tools as remark-html.

Security

Use of remark-vdom is safe by default, but changing the sanitize option can open you up to a cross-site scripting (XSS) attack if the tree is unsafe.

Related

Contribute

See contributing.md in remarkjs/.github for ways to get started. See support.md for ways to get help.

This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.

License

MIT © Titus Wormer

Keywords

FAQs

Package last updated on 30 Mar 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List

Security News

Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List

MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.

By Sarah Gooding  -  Nov 22, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc