micromark-extension-gfm-tagfilter
micromark extension to support GitHub flavored markdown tag filter. This extension matches the GFM spec and github.com. The tag filter is a rather naïve attempt at XSS protection. It’s much better to use a proper HTML sanitizing algorithm.
When to use this
You should probably use micromark-extension-gfm, which combines this package with other GFM features, instead. If for some weird reason you have to match GHs tagfilter, but not all the other GFM parts, use this package.
Install
This package is ESM only: Node 12+ is needed to use it and it must be imported instead of required.
npm:
npm install micromark-extension-gfm-tagfilter
Use
import {micromark} from 'micromark'
import {gfmTagfilterHtml} from 'micromark-extension-gfm-tagfilter'
const output = micromark('XSS! <script>alert(1)</script>', {
allowDangerousHtml: true,
htmlExtensions: [gfmTagfilterHtml]
})
console.log(output)
Yields:
<p>XSS! <script>alert(1)</script></p>
API
This package exports the following identifiers: gfmTagfilterHtml. There is no default export.
gfmTagfilterHtml
Support a tag filter (protection against script, plaintext, etc). The export is an extension for the micromark compiler to escape certain tag names (can be passed in htmlExtensions).
Related
remarkjs/remark— markdown processor powered by pluginsmicromark/micromark— the smallest commonmark-compliant markdown parser that existsmicromark/micromark-extension-gfm— micromark extension combining this with other GFM featuressyntax-tree/mdast-util-gfm— mdast utility to support GFMsyntax-tree/mdast-util-from-markdown— mdast parser usingmicromarkto create mdast from markdownsyntax-tree/mdast-util-to-markdown— mdast serializer to create markdown from mdast
Contribute
See contributing.md in micromark/.github for ways to get started. See support.md for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.