Skip to content

Commit

Permalink
Add docs for tagfilter option
Browse files Browse the repository at this point in the history
  • Loading branch information
wooorm committed Nov 14, 2024
1 parent ce4a081 commit 839c43a
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 0 deletions.
11 changes: 11 additions & 0 deletions readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,17 @@ Configuration (TypeScript type).
— list of custom hast node types to pass through (as in, keep); this option
is a bit advanced as it requires knowledge of ASTs, so we defer to the docs
in [`hast-util-raw`][hast-util-raw]
* `tagfilter?` (`boolean | null | undefined`)
— whether to disallow irregular tags in `raw` nodes according to GFM
tagfilter (default: `false`);
this affects the following tags,
grouped by their kind:
`RAWTEXT` (`iframe`, `noembed`, `noframes`, `style`, `xmp`),
`RCDATA` (`textarea`, `title`),
`SCRIPT_DATA` (`script`),
`PLAINTEXT` (`plaintext`);
when you know that you do not want authors to write these tags,
you can enable this option to prevent their use from running amok.

## Types

Expand Down
11 changes: 11 additions & 0 deletions test.js
Original file line number Diff line number Diff line change
Expand Up @@ -46,4 +46,15 @@ A mix of *markdown* and <em>HTML</em>.
</div>`
)
})

await t.test('tagfilter', async function () {
const file = await unified()
.use(remarkParse)
.use(remarkRehype, {allowDangerousHtml: true})
.use(rehypeRaw, {tagfilter: true})
.use(rehypeStringify)
.process('<script>alert(1)</script>')

assert.equal(String(file), '&#x3C;script>alert(1)&#x3C;/script>')
})
})

0 comments on commit 839c43a

Please sign in to comment.