unified

Project: syntax-tree/hast-util-raw

Package: hast-util-raw@7.0.0

  1. Dependencies: 0·Dependents: 24
  2. hast utility to reparse a tree
  1. util 137
  2. utility 133
  3. unist 121
  4. html 112
  5. hast 61
  6. hast-util 40
  7. parse 21
  8. raw 3

hast-util-raw

Build Coverage Downloads Size Sponsors Backers Chat

hast utility to parse the tree again, now supporting embedded raw nodes.

One of the reasons to do this is for “malformed” syntax trees: for example, say there’s an h1 element in a p element, this utility will make them siblings.

Another reason to do this is if raw HTML/XML is embedded in a syntax tree, which can occur when coming from Markdown using mdast-util-to-hast.

If you’re working with remark and/or remark-rehype, use rehype-raw instead.

Install

This package is ESM only: Node 12+ is needed to use it and it must be imported instead of required.

npm:

npm install hast-util-raw

Use

import {h} from 'hastscript'
import {raw} from 'hast-util-raw'

var tree = h('div', [h('h1', ['Foo ', h('h2', 'Bar'), ' Baz'])])

var clean = raw(tree)

console.log(clean)

Yields:

{ type: 'element',
  tagName: 'div',
  properties: {},
  children:
   [ { type: 'element',
       tagName: 'h1',
       properties: {},
       children: [Object] },
     { type: 'element',
       tagName: 'h2',
       properties: {},
       children: [Object] },
     { type: 'text', value: ' Baz' } ] }

API

This package exports the following identifiers: raw. There is no default export.

raw(tree[, file][, options])

Given a hast tree and an optional vfile (for positional info), return a new parsed-again hast tree.

options.passThrough

List of custom hast node types to pass through (keep) in hast (Array.<string>, default: []). If the passed through nodes have children, those children are expected to be hast and will be handled.

Security

Use of hast-util-raw can open you up to a cross-site scripting (XSS) attack as raw nodes are unsafe. The following example shows how a raw node is used to inject a script that runs when loaded in a browser.

raw(u('root', [u('raw', '<script>alert(1)</script>')]))

Yields:

<script>alert(1)</script>

Do not use this utility in combination with user input or use hast-util-santize.

Contribute

See contributing.md in syntax-tree/.github for ways to get started. See support.md for ways to get help.

This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.

License

MIT © Titus Wormer