A marked extension to render JSX code blocks using a custom renderer and components. This extension is especially useful when you want to incorporate React JSX code directly into your Markdown documents and control how it's rendered.
You can install the marked-code-jsx-renderer
using npm or yarn:
npm i -D marked-code-jsx-renderer
# or
yarn add --dev marked-code-jsx-renderer
To use this extension, you need to incorporate it into your marked processing pipeline. Here's an example of how to do it:
Say we have the following file example.md
:
This is some code:
```jsx renderable prettier
<Nav>
<Nav.Item>
<Nav.Link href='/features'>Features</Nav.Link>
</Nav.Item>
<Nav.Item>
<Nav.Link href='/pricing'>Pricing</Nav.Link>
</Nav.Item>
<Nav.Item>
<Nav.Link href='/about'>About</Nav.Link>
</Nav.Item>
</Nav>
```
🚨 Important: The renderable
attribute must be specified in code fence blocks!
And our module example.js
looks as follows:
import { readFileSync } from 'node:fs'
import { Marked } from 'marked'
import markedCodeFormat from 'marked-code-format'
import markedCodeJsxRenderer from 'marked-code-jsx-renderer'
// runner
import * as runtime from 'react/jsx-runtime'
import { Nav } from 'react-bootstrap'
import { renderToStaticMarkup } from 'react-dom/server'
const content = readFileSync('example.md', 'utf-8')
const html = await new Marked({ async: true })
.use(
markedCodeJsxRenderer({
...runtime,
components: { Nav },
renderer: renderToStaticMarkup
})
)
.use(markedCodeFormat())
.parse(content)
console.log(html)
Now, running node example.js
yields:
<p>This is some code:</p>
<pre><code class="language-html"><div class="nav">
<div class="nav-item">
<a href="/features" data-rr-ui-event-key="/features" class="nav-link"
>Features</a
>
</div>
<div class="nav-item">
<a href="pricing" data-rr-ui-event-key="pricing" class="nav-link"
>Pricing</a
>
</div>
<div class="nav-item">
<a href="about" data-rr-ui-event-key="about" class="nav-link">About</a>
</div>
</div>
</code></pre>
ℹ️ This extension offers support for inline options, specifically tailored to the
unwrap
option. With inline options, you have fine-grained control over the behavior of theunwrap
feature.```jsx renderable="{unwrap: true}" // jsx code here ```
This extension accepts several options to customize its behavior:
An object where keys represent component names and values are React component types. These components are used for rendering JSX code blocks.
import { Alert, Button } from 'react-bootstrap'
marked.use(
markedCodeJsxRenderer({
components: { Alert, Button }
})
)
Symbol to use for fragments. This option can be helpful if your JSX code specifically requires a particular type of Fragment.
import { Fragment } from 'react/jsx-runtime'
marked.use(markedCodeJsxRenderer({ Fragment }))
The jsx
function to use when rendering JSX code. You can customize this function if your rendering process relies on a custom jsx
implementation.
import { jsx } from 'react/jsx-runtime'
marked.use(markedCodeJsxRenderer({ jsx }))
The jsxs
function to use when rendering JSX code. Similar to jsx
, this option allows you to customize the jsxs
function if needed.
import { jsxs } from 'react/jsx-runtime'
marked.use(markedCodeJsxRenderer({ jsxs }))
A custom rendering function for rendering JSX code. This function should return a string. You can use this to render JSX using various methods, such as converting it to HTML or rendering it on the client-side.
import { renderToStaticMarkup } from 'react-dom/server'
marked.use(markedCodeJsxRenderer({ renderer: renderToStaticMarkup }))
The sanitizer
option is an optional function that allows you to sanitize the JSX code before rendering. You can use this function to enhance security and prevent code injection.
import { renderToStaticMarkup } from 'react-dom/server'
import xss from 'xss'
marked.use(markedCodeJsxRenderer({ sanitizer: customSanitizer }))
// Sanitize the JSX code using the xss library
// you can replace it with any sanitizer you want (e.g. DOMPurify)
function sanitizeJSX(jsxCode) {
const options = {
// Define your custom xss options here
}
return xss(jsxCode, options)
}
Implement monitoring and logging mechanisms to keep track of any unusual or potentially malicious activities during transformation, if the markdown input contains untrusted or user-generated content.
// in this example, errors will be logged to the console for debugging and monitoring purposes.
marked.use(markedCodeJsxRenderer({ errorHandler: console.error }))
// you can replace console.error with a more advanced logging solution like Winston or Morgan
// for better error tracking and management.
If true
, the extension will not wrap the rendered code in a codefence
element. Based on the example above, this will result in the following output:
<p>This is some code:</p>
<div class="nav">
<div class="nav-item">
<a href="/features" data-rr-ui-event-key="/features" class="nav-link"
>Features</a
>
</div>
<div class="nav-item">
<a href="pricing" data-rr-ui-event-key="pricing" class="nav-link"
>Pricing</a
>
</div>
<div class="nav-item">
<a href="about" data-rr-ui-event-key="about" class="nav-link">About</a>
</div>
</div>
It's essential to be aware of potential security risks, especially when the markdown input contains untrusted or user-generated content. Here are some security considerations when using this extension:
-
Code Injection: This extension uses the
new Function
constructor to dynamically create a function from the transformed code. While this is a common technique for rendering JSX, it can be risky if the input code contains malicious code. Ensure that you thoroughly sanitize and validate the input code to prevent code injection attacks. -
Untrusted Markdown: If your application allows users to input markdown content, there is a risk of users injecting malicious code within code blocks. Make sure to sanitize and validate user-generated markdown content to prevent any security vulnerabilities.
-
Error Handling: The code includes an error handling mechanism (
errorHandler
) to catch and handle exceptions. While this is a good practice, be cautious not to expose sensitive information in error messages, which could aid attackers in understanding your system's architecture.
We 💛 issues.
When committing, please conform to the semantic-release commit standards. Please install commitizen
and the adapter globally, if you have not already.
npm i -g commitizen cz-conventional-changelog
Now you can use git cz
or just cz
instead of git commit
when committing. You can also use git-cz
, which is an alias for cz
.
git add . && git cz
A project by Stilearning © 2023-2024.