micromark-extension-gfm-tagfilter

[![Build][build-badge]][build]
[![Coverage][coverage-badge]][coverage]
[![Downloads][downloads-badge]][downloads]
[![Size][size-badge]][size]
[![Sponsors][sponsors-badge]][collective]
[![Backers][backers-badge]][collective]
[![Chat][chat-badge]][chat]

[micromark][] extension to support GFM [tag filter][].

* What is this?
* When to use this
* Install
* Use
* API
* gfmTagfilterHtml()
* Authoring
* HTML
* CSS
* Syntax
* Types
* Compatibility
* Security
* Related
* Contribute
* License

What is this?

This package contains an extension that adds support for the tagfilter enabled
by GFM to [micromark][micromark].
The tagfilter is kinda weird and kinda useless.
This package exists for completeness.
The tag filter is a naïve attempt at XSS protection.
You should use a proper HTML sanitizing algorithm.

When to use this

This project is useful when you want to match how GitHub works.
You can use this extension when you are working with [micromark][micromark]
already.
When you do, you can instead use
[micromark-extension-gfm][micromark-extension-gfm], which includes this
extension, to support all GFM features.

When you want to deal with syntax trees, you should instead use
[hast-util-sanitize][hast-util-sanitize].

When you use remark and rehype, you should use
[rehype-sanitize][rehype-sanitize].

Install

This package is [ESM only][esm].
In Node.js (version 16+), install with [npm][]:

``sh npm install micromark-extension-gfm-tagfilter`

In Deno with [esm.sh][esmsh]:

`js import {gfmTagfilterHtml} from 'https://esm.sh/micromark-extension-gfm-tagfilter@2'`

In browsers with [esm.sh][esmsh]:

`html`

`Use`

`js import {micromark} from 'micromark' import {gfmTagfilterHtml} from 'micromark-extension-gfm-tagfilter'

const output = micromark('XSS! ', { allowDangerousHtml: true, htmlExtensions: [gfmTagfilterHtml()] })

console.log(output)`

Yields:

`html

XSS! <script>alert(1)</script>

API

This package exports the identifier [gfmTagfilterHtml][api-gfm-tagfilter-html]. There is no default export.

`$3`

Create an HTML extension for micromarkto support GitHubs weird and useless tagfilter when serializing to HTML.

###### Returns

Extension for micromark that can be passed in htmlExtensionsto support GitHubs weird and useless tagfilter when serializing to HTML ([HtmlExtension][micromark-html-extension]).

`Authoring`

This package relates to malicious authors, not decent authors.

`HTML`

GFM tagfilter removes certain dangerous HTML tags: iframe, noembed,noframes, plaintext, script, style, title, textarea, and xmp.

`CSS`

This package does not relate to CSS.

`Syntax`

This package does not change how markdown is parsed.

`Types`

This package is fully typed with [TypeScript][]. It exports no additional types.

`Compatibility`

Projects maintained by the unified collective are compatible with maintained versions of Node.js.

When we cut a new major release, we drop support for unmaintained versions of Node. This means we try to keep the current release line,micromark-extension-gfm-tagfilter@^2, compatible with Node.js 16.

This package works with micromark version 3 and later.

`Security`

While micromark is safe by default, this extension only does something whenallowDangerousHtml: trueis passed, which is an unsafe option. This package is not safe.

`Related`

* [micromark-extension-gfm][micromark-extension-gfm] — support all of GFM * [hast-util-sanitize][hast-util-sanitize] — hast utility to make trees safe * [rehype-sanitize][rehype-sanitize] — rehype plugin to sanitize HTML

`Contribute`

See [contributing.md in micromark/.github][contributing] for ways to get started. See [support.md`][support] for ways to get help.

This project has a [code of conduct][coc].
By interacting with this repository, organization, or community you agree to
abide by its terms.

License

[MIT][license] © [Titus Wormer][author]

[build-badge]: https://github.com/micromark/micromark-extension-gfm-tagfilter/workflows/main/badge.svg

[build]: https://github.com/micromark/micromark-extension-gfm-tagfilter/actions

[coverage-badge]: https://img.shields.io/codecov/c/github/micromark/micromark-extension-gfm-tagfilter.svg

[coverage]: https://codecov.io/github/micromark/micromark-extension-gfm-tagfilter

[downloads-badge]: https://img.shields.io/npm/dm/micromark-extension-gfm-tagfilter.svg

[downloads]: https://www.npmjs.com/package/micromark-extension-gfm-tagfilter

[size-badge]: https://img.shields.io/badge/dynamic/json?label=minzipped%20size&query=$.size.compressedSize&url=https://deno.bundlejs.com/?q=micromark-extension-gfm-tagfilter

[size]: https://bundlejs.com/?q=micromark-extension-gfm-tagfilter

[sponsors-badge]: https://opencollective.com/unified/sponsors/badge.svg

[backers-badge]: https://opencollective.com/unified/backers/badge.svg

[collective]: https://opencollective.com/unified

[chat-badge]: https://img.shields.io/badge/chat-discussions-success.svg

[chat]: https://github.com/micromark/micromark/discussions

[npm]: https://docs.npmjs.com/cli/install

[esmsh]: https://esm.sh

[license]: license

[author]: https://wooorm.com

[contributing]: https://github.com/micromark/.github/blob/main/contributing.md

[support]: https://github.com/micromark/.github/blob/main/support.md

[coc]: https://github.com/micromark/.github/blob/main/code-of-conduct.md

[esm]: https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c

[typescript]: https://www.typescriptlang.org

[micromark]: https://github.com/micromark/micromark

[micromark-html-extension]: https://github.com/micromark/micromark#htmlextension

[micromark-extension-gfm]: https://github.com/micromark/micromark-extension-gfm

[rehype-sanitize]: https://github.com/rehypejs/rehype-sanitize

[hast-util-sanitize]: https://github.com/syntax-tree/hast-util-sanitize

[tag filter]: https://github.github.com/gfm/#disallowed-raw-html-extension-

[api-gfm-tagfilter-html]: #gfmtagfilterhtml