package.json

@@ -1,11 +1,12 @@
 {
   "name": "remark-html",
-  "version": "10.0.0",
+  "version": "11.0.0",
   "description": "remark plugin to compile Markdown to HTML",
   "license": "MIT",
   "keywords": [
     "unified",
     "remark",
+    "remark-plugin",
     "plugin",
     "mdast",
     "markdown",
@@ -15,6 +16,10 @@
   ],
   "repository": "remarkjs/remark-html",
   "bugs": "https://github.com/remarkjs/remark-html/issues",
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/unified"
+  },
   "author": "Titus Wormer <tituswormer@gmail.com> (https://wooorm.com)",
   "contributors": [
     "Titus Wormer <tituswormer@gmail.com> (https://wooorm.com)",
@@ -28,25 +33,25 @@
   ],
   "dependencies": {
     "hast-util-sanitize": "^2.0.0",
-    "hast-util-to-html": "^6.0.0",
-    "mdast-util-to-hast": "^6.0.0",
+    "hast-util-to-html": "^7.0.0",
+    "mdast-util-to-hast": "^8.0.0",
     "xtend": "^4.0.1"
   },
   "devDependencies": {
     "browserify": "^16.0.0",
     "commonmark.json": "^0.29.0",
     "is-hidden": "^1.0.0",
-    "nyc": "^14.0.0",
-    "prettier": "^1.0.0",
-    "remark": "^10.0.0",
-    "remark-cli": "^6.0.0",
-    "remark-github": "^8.0.0",
-    "remark-preset-wooorm": "^5.0.0",
-    "remark-toc": "^6.0.0",
+    "nyc": "^15.0.0",
+    "prettier": "^2.0.0",
+    "remark": "^11.0.0",
+    "remark-cli": "^7.0.0",
+    "remark-github": "^9.0.0",
+    "remark-preset-wooorm": "^6.0.0",
+    "remark-toc": "^7.0.0",
     "tape": "^4.0.0",
     "tinyify": "^2.0.0",
     "to-vfile": "^6.0.0",
-    "xo": "^0.24.0"
+    "xo": "^0.28.0"
   },
   "scripts": {
     "format": "remark *.md -qfo && prettier --write \"**/*.js\" && xo --fix",
@@ -74,6 +79,9 @@
   "xo": {
     "prettier": true,
     "esnext": false,
+    "rules": {
+      "unicorn/prefer-includes": "off"
+    },
     "ignores": [
       "remark-html.js"
     ]

readme.md

@@ -8,7 +8,7 @@
 [![Backers][backers-badge]][collective]
 [![Chat][chat-badge]][chat]
 
-[**remark**][remark] plugin to compile Markdown to HTML.
+[**remark**][remark] plugin to serialize Markdown as HTML.
 
 > ⚠️ This package essentially packs [`remark-rehype`][remark2rehype] and
 > [`rehype-stringify`][rehype-stringify], and although it does support some
@@ -69,7 +69,7 @@ Now, running `node example` yields:
 
 ### `remark().use(html[, options])`
 
-Compile Markdown to HTML.
+Serialize Markdown as HTML.
 
 ##### `options`
 
@@ -78,13 +78,13 @@ All options except for `sanitize` are passed to
 
 ###### `options.sanitize`
 
-How to sanitise the output (`Object` or `boolean`, default: `false`).
+How to sanitize the output (`Object` or `boolean`, default: `true`).
 
 If `false`, no HTML is sanitized, and dangerous HTML is left unescaped.
 
 If `true` or an `object`, sanitation is done by [`hast-util-sanitize`][sanitize]
 If an object is passed in, it’s given as a schema to `hast-util-sanitize`.
-If `true`, input is sanitised according to [GitHub’s sanitation rules][github].
+If `true`, input is sanitized according to [GitHub’s sanitation rules][github].
 
 > Note that raw HTML in Markdown cannot be sanitized, so it’s removed.
 > A schema can still be used to allow certain values from [integrations][]
@@ -103,7 +103,7 @@ var schema = merge(github, {attributes: {'*': ['className']}})
 
 remark()
   .use(html, {sanitize: schema})
-  .processSync(/* ... */)
+  .processSync(/* … */)
 ```
 
 ## CommonMark
@@ -137,7 +137,7 @@ which do not often occur in the real world.
     — Highlight CSS code with [midas](https://github.com/ben-eb/midas)
 *   [`remark-toc`](https://github.com/remarkjs/remark-toc)
     — Generate a Tables of Contents
-*   ...and [more][remark-plugins]
+*   …and [more][remark-plugins]
 
 All [**mdast** nodes][mdast] can be compiled to HTML.
 Unknown **mdast** nodes are compiled to `div` nodes if they have `children` or
@@ -171,14 +171,21 @@ For example, the following node:
 <i class="foo">bar</i>
 ```
 
+## Security
+
+Use of `remark-html` is *unsafe* by default and opens you up to a
+[cross-site scripting (XSS)][xss] attack.
+Pass `sanitize: true` to prevent attacks.
+Settings `sanitize` to anything else may be unsafe.
+
 ## Contribute
 
 See [`contributing.md`][contributing] in [`remarkjs/.github`][health] for ways
 to get started.
 See [`support.md`][support] for ways to get help.
 
-This project has a [Code of Conduct][coc].
-By interacting with this repository, organisation, or community you agree to
+This project has a [code of conduct][coc].
+By interacting with this repository, organization, or community you agree to
 abide by its terms.
 
 ## License
@@ -209,7 +216,7 @@ abide by its terms.
 
 [collective]: https://opencollective.com/unified
 
-[chat-badge]: https://img.shields.io/badge/join%20the%20community-on%20spectrum-7b16ff.svg
+[chat-badge]: https://img.shields.io/badge/chat-spectrum-7b16ff.svg
 
 [chat]: https://spectrum.chat/unified/remark
 
@@ -256,3 +263,5 @@ abide by its terms.
 [commonmark]: https://commonmark.org
 
 [integrations]: #integrations
+
+[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting

test/index.js

@@ -98,7 +98,7 @@ integrations = integrations.filter(hidden)
 var section
 var start
 
-commonmark.forEach(function(test, position) {
+commonmark.forEach(function (test, position) {
   if (section !== test.section) {
     section = test.section
     start = position
@@ -107,17 +107,17 @@ commonmark.forEach(function(test, position) {
   test.relative = position - start + 1
 })
 
-test('remark-html()', function(t) {
+test('remark-html()', function (t) {
   var processor
 
   t.equal(typeof html, 'function', 'should be a function')
 
-  t.doesNotThrow(function() {
+  t.doesNotThrow(function () {
     html.call(remark())
   }, 'should not throw if not passed options')
 
   t.throws(
-    function() {
+    function () {
       remark()
         .use(html)
         .stringify({type: 'root', children: [{value: 'baz'}]})
@@ -159,7 +159,7 @@ test('remark-html()', function(t) {
 
   processor = remark().use(html, {
     handlers: {
-      paragraph: function(h, node) {
+      paragraph: function (h, node) {
         node.children[0].value = 'changed'
         return h(node, 'p', all(h, node))
       }
@@ -173,8 +173,8 @@ test('remark-html()', function(t) {
   )
 
   processor = remark()
-    .use(function() {
-      return function(ast) {
+    .use(function () {
+      return function (ast) {
         ast.children[0].children[0].data = {
           hProperties: {title: 'overwrite'}
         }
@@ -189,8 +189,8 @@ test('remark-html()', function(t) {
   )
 
   processor = remark()
-    .use(function() {
-      return function(ast) {
+    .use(function () {
+      return function (ast) {
         ast.children[0].children[0].data = {hName: 'b'}
       }
     })
@@ -203,8 +203,8 @@ test('remark-html()', function(t) {
   )
 
   processor = remark()
-    .use(function() {
-      return function(ast) {
+    .use(function () {
+      return function (ast) {
         var code = ast.children[0].children[0]
 
         code.data = {
@@ -228,8 +228,8 @@ test('remark-html()', function(t) {
   )
 
   processor = remark()
-    .use(function() {
-      return function(ast) {
+    .use(function () {
+      return function (ast) {
         var code = ast.children[0].children[0]
 
         code.data = {
@@ -253,8 +253,8 @@ test('remark-html()', function(t) {
   )
 
   processor = remark()
-    .use(function() {
-      return function(ast) {
+    .use(function () {
+      return function (ast) {
         ast.children[0].data = {
           hProperties: {className: 'foo'}
         }
@@ -269,10 +269,7 @@ test('remark-html()', function(t) {
   )
 
   t.equal(
-    remark()
-      .use(html)
-      .processSync('## Hello <span>world</span>')
-      .toString(),
+    remark().use(html).processSync('## Hello <span>world</span>').toString(),
     '<h2>Hello <span>world</span></h2>\n',
     'should be `sanitation: false` by default'
   )
@@ -317,8 +314,8 @@ test('remark-html()', function(t) {
 })
 
 // Assert fixtures.
-test('Fixtures', function(t) {
-  fixtures.forEach(function(fixture) {
+test('Fixtures', function (t) {
+  fixtures.forEach(function (fixture) {
     var filepath = join(fixtureRoot, fixture)
     var output = read(join(filepath, 'output.html'), 'utf-8')
     var input = read(join(filepath, 'input.md'), 'utf-8')
@@ -338,8 +335,8 @@ test('Fixtures', function(t) {
 })
 
 // Assert CommonMark.
-test('CommonMark', function(t) {
-  commonmark.forEach(function(test, n) {
+test('CommonMark', function (t) {
+  commonmark.forEach(function (test, n) {
     var name = test.section + ' ' + test.relative
     var file = vfile(name + '.md')
     var result
@@ -373,8 +370,8 @@ test('CommonMark', function(t) {
 })
 
 // Assert integrations.
-test('Integrations', function(t) {
-  integrations.forEach(function(integration) {
+test('Integrations', function (t) {
+  integrations.forEach(function (integration) {
     var filepath = join(integrationRoot, integration)
     var output = read(join(filepath, 'output.html'), 'utf-8')
     var input = read(join(filepath, 'input.md'), 'utf-8')