npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

react-html-parser-upgrade

v3.0.0

Published

Parse HTML into React components

Downloads

14

Readme

React HTML Parser

A utility for converting HTML strings into React components. Converts standard HTML elements, attributes and inline styles into their React equivalents and provides a simple way to modify and replace the content.

Try the Live Demo

Travis branch Coveralls npm Downloads David

Install

npm install react-html-parser
# or
yarn add react-html-parser

Usage

import React from 'react';
import ReactHtmlParser, { processNodes, convertNodeToElement, htmlparser2 } from 'react-html-parser';

class HtmlComponent extends React.Component {
  render() {
    const html = '<div>Example HTML string</div>';
    return <div>{ ReactHtmlParser(html) }</div>;
  }
}

Security

It is important to understand that this library should not be used as a direct replacement for using properly sanitized HTML and that it only provides the same level of protection that React does which does not provide 100% protection. All HTML should be properly sanitized using a dedicated sanitisation library (such as dompurify for node/js) before being passed to this library to ensure that you are fully protected from malicious injections.

What doesn't React protect me from?

Whilst React has a certain level of protection to injection attacks built into it, it doesn't cover everything, for example:

  • xss via iframe src: <iframe src="javascript:alert('xss')" />
  • xss via link href: <a href="javascript:alert('xss')">click me</a>

Click here to see these in action and how to protect yourself using dompurify in the browser.

Why doesn't ReactHTMLParser protect me automatically?

Including a sanitizer as part of the library means it is making decisions for you that may not be correct. It is up to you to decide what level of sanitization you need and to act accordingly. Some users may already be sanitizing on the server or others may have specialized requirements that cannot be covered by a generic implementation.

Additionally, HTML sanitization is a hard thing to get right and even the most popular and actively developed sanitizers have vulnerabilities discovered from time to time. By leaving the sanitization outside of this library it gives users the ability to patch and deploy any fixes needed immediately instead of having to wait for a new version of this library to be released with the fix.

API

function ReactHtmlParser(html, [options])

Takes an HTML string and returns equivalent React elements

Usage

import ReactHtmlParser from 'react-html-parser';

Arguments

  • html: The HTML string to parse
  • options: Options object
    • decodeEntities=true (boolean): Whether to decode html entities (defaults to true)
    • transform (function): Transform function that is applied to every node
    • preprocessNodes (function): Pre-process the nodes generated by htmlparser2

Transform Function

The transform function will be called for every node that is parsed by the library.

function transform(node, index)

Arguments
  • node: The node being parsed. This is the htmlparser2 node object. Full details can be found on their project page but important properties are:
    • type (string): The type of node (tag, text, style etc)
    • name (string): The name of the node
    • children (array): Array of children nodes
    • next (node): The node's next sibling
    • prev (node): The node's previous sibling
    • parent (node): The node's parent
    • data (string): The text content, if the type is text
  • index (number): The index of the node in relation to it's parent

Return Types

return null Returning null will prevent the node and all of it's children from being rendered.

function transform(node) {
  // do not render any <span> tags
  if (node.type === 'tag' && node.name === 'span') {
    return null;
  }
}

return undefined If the function does not return anything, or returns undefined, then the default behaviour will occur and the parser will continue was usual.

return React element React elements can be returned directly

import React from 'react';
function transform(node) {
  if (node.type === 'tag' && node.name === 'b') {
    return <div>This was a bold tag</div>;
  }
}

preprocessNodes Function

Allows pre-processing the nodes generated from the html by htmlparser2 before being passed to the library and converted to React elements.

function preprocessNodes(nodes)

Arguments
  • nodes: The entire node tree generated by htmlparser2.
Return type

The preprocessNodes function should return a valid htmlparser2 node tree.

function convertNodeToElement(node, index, transform)

Processes a node and returns the React element to be rendered. This function can be used in conjunction with the previously described transform function to continue to process a node after modifying it.

Usage

import { convertNodeToElement } from 'react-html-parser';

Arguments

  • node: The node to process
  • index (number): The index of the node in relation to it's parent
  • transform: The transform function as described above
import { convertNodeToElement } from 'react-html-parser';
function transform(node, index) {
  // convert <ul> to <ol>
  if (node.type === 'tag' && node.name === 'ul') {
    node.name = 'ol';
    return convertNodeToElement(node, index, transform);
  }
}

htmlparser2

The library exposes the htmlparser2 library it uses. This allows consumers to use it without having to add it as a separate dependency.

See https://github.com/fb55/htmlparser2 for full details.