Date: 2021-07-30

mdast utility to treat HTML comments as ranges.

Useful in remark plugins.

Install

This package is ESM only: Node 12+ is needed to use it and it must be imported instead of required.

npm:

npm install mdast-zone

Use

Say we have the following file, example.md:

Foo

And our script, example.js, looks as follows:

import {readSync} from 'to-vfile'
import {remark} from 'remark'
import {zone} from 'mdast-zone'

const file = readSync('example.md')

remark()
  .use(plugin)
  .process(file)
  .then((file) => {
    console.log(String(file))
  })

function plugin() {
  return transform

  function transform(tree) {
    zone(tree, 'foo', mutate)
  }

  function mutate(start, nodes, end) {
    return [
      start,
      {type: 'paragraph', children: [{type: 'text', value: 'Bar'}]},
      end
    ]
  }
}

Now, running node example yields:

Bar

API

This package exports the following identifiers: zone. There is no default export.

zone(tree, name, handler)

Search tree for comment ranges (“zones”).

Parameters

tree (Node) — Tree to search for ranges

name (string) — Name of ranges to search for

handler (Function) — Function invoked for each found range

function handler(start, nodes, end)

Invoked with the two markers that determine a range: the first start and the last end, and the content inside.

Parameters

start (Node) — Start of range (an HTML comment node)

nodes (Array.<Node>) — Nodes between start and end

end (Node) — End of range (an HTML comment node)

Returns

Array.<Node>? — List of nodes to replace start, nodes, and end with, optional.

Security

Improper use of handler can open you up to a cross-site scripting (XSS) attack as the value it returns is injected into the syntax tree. This can become a problem if the tree is later transformed to hast. The following example shows how a script is injected that could run when loaded in a browser.

function handler(start, nodes, end) {
  return [start, {type: 'html', value: '<script>alert(1)</script>'}, end]
}

Yields:

<script>alert(1)</script>

Either do not use user input or use hast-util-sanitize.
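The vulnerable handler from this section next to a hardened one, plus a guard that rejects raw HTML in a handler's return value. This is an added example, not code from mdast-zone: the names unsafe, safe, hasRawHtml, rejectRawHtml and check are hypothetical, and the input string and marker nodes are constructed samples.

```javascript
// Added example, not part of mdast-zone. `rejectRawHtml`, `unsafe` and
// `safe` are hypothetical names; `untrusted` is constructed sample input.
const untrusted = '<script>alert(1)</script>'

// Vulnerable pattern from the section above: input becomes an `html` node.
function unsafe(start, nodes, end) {
  return [start, {type: 'html', value: untrusted}, end]
}

// Hardened form: input becomes a `text` node, which serializers escape.
function safe(start, nodes, end) {
  const text = {type: 'text', value: untrusted}
  return [start, {type: 'paragraph', children: [text]}, end]
}

// True if `node` or a descendant is an `html` node other than the markers.
function hasRawHtml(node, markers) {
  if (markers.has(node)) return false
  if (node.type === 'html') return true
  return (node.children || []).some((child) => hasRawHtml(child, markers))
}

// Wrap a handler so a returned `html` node fails closed (throws).
function rejectRawHtml(handler) {
  return function (start, nodes, end) {
    const result = handler(start, nodes, end)
    if (!Array.isArray(result)) return result // optional return: no change
    const markers = new Set([start, end])
    if (result.some((node) => hasRawHtml(node, markers))) {
      throw new Error('zone handler returned a raw html node')
    }
    return result
  }
}

// Constructed marker nodes standing in for what zone passes to a handler.
const start = {type: 'html', value: '<!--foo start-->'}
const end = {type: 'html', value: '<!--foo end-->'}

// Run a wrapped handler and report whether its output was accepted.
function check(handler) {
  try {
    return {ok: true, nodes: rejectRawHtml(handler)(start, [], end)}
  } catch (error) {
    return {ok: false, reason: error.message}
  }
}

console.log(check(safe).ok, check(unsafe).ok)
```

In a plugin the wrapped handler is what gets passed to zone, as in zone(tree, 'foo', rejectRawHtml(mutate)). The guard also rejects html nodes passed through unchanged from nodes, so allow those only when the Markdown source itself is trusted.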

License

MIT © Titus Wormer