readme.md 4.9 KB

Build Coverage Downloads Size Sponsors Backers Chat

remark plugin to automatically add target and rel attributes to external links.

Note!

This plugin is ready for the new parser in remark (remarkjs/remark#536). The current and previous versions of the plugin work with the current and previous versions of remark.

Install

npm:

npm install remark-external-links

Use

Say we have the following file, example.js:

var remark = require('remark')
var html = require('remark-html')
var externalLinks = require('remark-external-links')

remark()
  .use(externalLinks, {target: false, rel: ['nofollow']})
  .use(html)
  .process('[remark](https://github.com/remarkjs/remark)', function(err, file) {
    if (err) throw err
    console.log(String(file))
  })

Now, running node example yields:

<p><a href="https://github.com/remarkjs/remark" rel="nofollow">remark</a></p>

API

Automatically add target and rel attributes to external links.

options
options.target

How to display referenced documents (string?: _self, _blank, _parent, or _top, default: _blank). Pass false to not set targets on links.

options.rel

Link types to hint about the referenced documents (Array.<string> or string, default: ['nofollow', 'noopener', 'noreferrer']). Pass false to not set rels on links.

When using a target, add noopener and noreferrer to avoid exploitation of the window.opener API.

options.protocols

Protocols to check, such as mailto or tel (Array.<string>, default: ['http', 'https']).

options.content

hast content to insert at the end of external links (Node or Children). Will be inserted in a <span> element.

Useful for improving accessibility by giving users advanced warning when opening a new window.

options.contentProperties

Properties to add to the span wrapping content, when given.

Security

options.content is used and injected into the tree when it’s given. This could open you up to a cross-site scripting (XSS) attack if you pass user provided content in.

This may become a problem if the Markdown later transformed to rehype (hast) or opened in an unsafe Markdown viewer.

Most likely though, this plugin will instead protect you from exploitation of the window.opener API.

Contribute

See contributing.md in remarkjs/.github for ways to get started. See support.md for ways to get help.

This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.

License

MIT © Cédric Delpoux