.. | |||
node_modules/parse5 | Loading last commit info... | ||
types | |||
index.js | |||
license | |||
package.json | |||
readme.md |
hast-util-raw
[]build
[
]coverage
[
]downloads
[
]size
[
]collective
[
]collective
[
]chat
hast utility to parse the tree again, now supporting
embedded raw
nodes.
One of the reasons to do this is for “malformed” syntax trees: for example, say
there’s an h1
element in a p
element, this utility will make them siblings.
Another reason to do this is if raw HTML/XML is embedded in a syntax tree, which
can occur when coming from Markdown using mdast-util-to-hast
.
If you’re working with remark and/or
remark-rehype
, use rehype-raw
instead.
Install
npm:
npm install hast-util-raw
Use
var h = require('hastscript')
var raw = require('hast-util-raw')
var tree = h('div', [h('h1', ['Foo ', h('h2', 'Bar'), ' Baz'])])
var clean = raw(tree)
console.log(clean)
Yields:
{ type: 'element',
tagName: 'div',
properties: {},
children:
[ { type: 'element',
tagName: 'h1',
properties: {},
children: [Object] },
{ type: 'element',
tagName: 'h2',
properties: {},
children: [Object] },
{ type: 'text', value: ' Baz' } ] }
API
raw(tree[, file])
Given a hast tree and an optional vfile (for positional info), return a new parsed-again hast tree.
Security
Use of hast-util-raw
can open you up to a cross-site scripting (XSS)
attack as raw
nodes are unsafe.
The following example shows how a raw node is used to inject a script that runs
when loaded in a browser.
raw(u('root', [u('raw', '<script>alert(1)</script>')]))
Yields:
<script>alert(1)</script>
Do not use this utility in combination with user input or use
hast-util-santize
.
Related
mdast-util-to-hast
— transform mdast to hastrehype-raw
— wrapper plugin for rehype
Contribute
See contributing.md
in syntax-tree/.github
for ways to get
started.
See support.md
for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.