| .. | |||
| node_modules/parse5 | Loading last commit info... | ||
| types | |||
| index.js | |||
| license | |||
| package.json | |||
| readme.md | |||
hast-util-raw
[
]build
[
]coverage
[
]downloads
[
]size
[
]collective
[
]collective
[
]chat
hast utility to parse the tree again, now supporting
embedded raw nodes.
One of the reasons to do this is for “malformed” syntax trees: for example, say
there’s an h1 element in a p element, this utility will make them siblings.
Another reason to do this is if raw HTML/XML is embedded in a syntax tree, which
can occur when coming from Markdown using mdast-util-to-hast.
If you’re working with remark and/or
remark-rehype, use rehype-raw instead.
Install
npm:
npm install hast-util-raw
Use
var h = require('hastscript')
var raw = require('hast-util-raw')
var tree = h('div', [h('h1', ['Foo ', h('h2', 'Bar'), ' Baz'])])
var clean = raw(tree)
console.log(clean)
Yields:
{ type: 'element',
tagName: 'div',
properties: {},
children:
[ { type: 'element',
tagName: 'h1',
properties: {},
children: [Object] },
{ type: 'element',
tagName: 'h2',
properties: {},
children: [Object] },
{ type: 'text', value: ' Baz' } ] }
API
raw(tree[, file])
Given a hast tree and an optional vfile (for positional info), return a new parsed-again hast tree.
Security
Use of hast-util-raw can open you up to a cross-site scripting (XSS)
attack as raw nodes are unsafe.
The following example shows how a raw node is used to inject a script that runs
when loaded in a browser.
raw(u('root', [u('raw', '<script>alert(1)</script>')]))
Yields:
<script>alert(1)</script>
Do not use this utility in combination with user input or use
hast-util-santize.
Related
mdast-util-to-hast— transform mdast to hastrehype-raw— wrapper plugin for rehype
Contribute
See contributing.md in syntax-tree/.github for ways to get
started.
See support.md for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.