Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
stricter-htmlparser2
Advanced tools
Fast & forgiving HTML/XML/RSS parser with stricter attribute parsing rules.
A forgiving HTML/XML/RSS parser. The parser can handle streams and provides a callback interface.
npm install 'stricter-htmlparser2'
A live demo of htmlparser2 is available here.
Attribute value without quote wrapped is not allowed.
<foo name=value />
// output
{
attribs: {
name: "",
value: ""
}
}
""" is allowed in attribute value.
<foo name="hello \"world" />
// output
{
attribs: {
name: "hello \\"world"
}
}
Record attributes key in a object that value is wrapped by single quote. The object is passed to onopentag
method of parser's domhandler through the third argument.
<foo name='{{flag ? "true" : "false"}}' title="title" class='hidden'> </foo>
// The third argument passed to onopentag:
{
name: true,
class: true
}
// If used with x-domhandler which is exported by this module, the parse result is like this:
{
type: "tag",
name: "foo",
attribs: {
name: "{{flag ? \"true\" : \"false\"}}",
title: "title",
class: "hidden"
},
singleQuoteAttribs: {
name: true,
class: true
},
selfClose: false
}
Add selfClose
flag to parsed node element.
Input:
<foo name='{{flag ? "true" : "false"}}' title="title" class='hidden' />
Parser code:
const {Parser, DomHandler} = require('stricter-htmlparser2');
const parser = new Parser(new DomHandler(), {}).end(inputStr);
Output
{
type: "tag",
name: "foo",
attribs: {
name: "{{flag ? \"true\" : \"false\"}}",
title: "title",
class: "hidden"
},
singleQuoteAttribs: {
name: true,
class: true
},
selfClose: true
}
var htmlparser = require("stricter-htmlparser2");
var parser = new htmlparser.Parser({
onopentag: function(name, attribs){
if(name === "script" && attribs.type === "text/javascript"){
console.log("JS! Hooray!");
}
},
ontext: function(text){
console.log("-->", text);
},
onclosetag: function(tagname){
if(tagname === "script"){
console.log("That's it?!");
}
}
}, {decodeEntities: true});
parser.write("Xyz <script type='text/javascript'>var foo = '<<bar>>';</ script>");
parser.end();
Output (simplified):
--> Xyz
JS! Hooray!
--> var foo = '<<bar>>';
That's it?!
Read more about the parser and its options in the wiki.
The DomHandler
(known as DefaultHandler
in the original htmlparser
module) produces a DOM (document object model) that can be manipulated using the DomUtils
helper.
The DomHandler
, while still bundled with this module, was moved to its own module. Have a look at it for further information.
new htmlparser.FeedHandler(function(<error> error, <object> feed){
...
});
Note: While the provided feed handler works for most feeds, you might want to use danmactough/node-feedparser, which is much better tested and actively maintained.
After having some artificial benchmarks for some time, @AndreasMadsen published his htmlparser-benchmark
, which benchmarks HTML parses based on real-world websites.
At the time of writing, the latest versions of all supported parsers show the following performance characteristics on Travis CI (please note that Travis doesn't guarantee equal conditions for all tests):
gumbo-parser : 34.9208 ms/file ± 21.4238
html-parser : 24.8224 ms/file ± 15.8703
html5 : 419.597 ms/file ± 264.265
htmlparser : 60.0722 ms/file ± 384.844
htmlparser2-dom: 12.0749 ms/file ± 6.49474
htmlparser2 : 7.49130 ms/file ± 5.74368
hubbub : 30.4980 ms/file ± 16.4682
libxmljs : 14.1338 ms/file ± 18.6541
parse5 : 22.0439 ms/file ± 15.3743
sax : 49.6513 ms/file ± 26.6032
This is a fork of the htmlparser
module. The main difference is that this is intended to be used only with node (it runs on other platforms using browserify). htmlparser2
was rewritten multiple times and, while it maintains an API that's compatible with htmlparser
in most cases, the projects don't share any code anymore.
The parser now provides a callback interface close to sax.js (originally targeted at readabilitySAX). As a result, old handlers won't work anymore.
The DefaultHandler
and the RssHandler
were renamed to clarify their purpose (to DomHandler
and FeedHandler
). The old names are still available when requiring htmlparser2
, your code should work as expected.
FAQs
Fast & forgiving HTML/XML/RSS parser with stricter attribute parsing rules.
The npm package stricter-htmlparser2 receives a total of 1,034 weekly downloads. As such, stricter-htmlparser2 popularity was classified as popular.
We found that stricter-htmlparser2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.