From 839c43a2b60ff29b5f1f4ee4758551ca3dd68b6d Mon Sep 17 00:00:00 2001
From: Titus Wormer <tituswormer@gmail.com>
Date: Thu, 14 Nov 2024 17:06:20 +0100
Subject: [PATCH] Add docs for `tagfilter` option

---
 readme.md | 11 +++++++++++
 test.js   | 11 +++++++++++
 2 files changed, 22 insertions(+)

diff --git a/readme.md b/readme.md
index bf3365b..cebf4ae 100644
--- a/readme.md
+++ b/readme.md
@@ -174,6 +174,17 @@ Configuration (TypeScript type).
   — list of custom hast node types to pass through (as in, keep); this option
   is a bit advanced as it requires knowledge of ASTs, so we defer to the docs
   in [`hast-util-raw`][hast-util-raw]
+* `tagfilter?` (`boolean | null | undefined`)
+  — whether to disallow irregular tags in `raw` nodes according to GFM
+  tagfilter (default: `false`);
+  this affects the following tags,
+  grouped by their kind:
+  `RAWTEXT` (`iframe`, `noembed`, `noframes`, `style`, `xmp`),
+  `RCDATA` (`textarea`, `title`),
+  `SCRIPT_DATA` (`script`),
+  `PLAINTEXT` (`plaintext`);
+  when you know that you do not want authors to write these tags,
+  you can enable this option to prevent their use from running amok.
 
 ## Types
 
diff --git a/test.js b/test.js
index f913981..a97aacf 100644
--- a/test.js
+++ b/test.js
@@ -46,4 +46,15 @@ A mix of *markdown* and <em>HTML</em>.
 </div>`
     )
   })
+
+  await t.test('tagfilter', async function () {
+    const file = await unified()
+      .use(remarkParse)
+      .use(remarkRehype, {allowDangerousHtml: true})
+      .use(rehypeRaw, {tagfilter: true})
+      .use(rehypeStringify)
+      .process('<script>alert(1)</script>')
+
+    assert.equal(String(file), '&#x3C;script>alert(1)&#x3C;/script>')
+  })
 })