nodify-string
👟 Convert HTML strings into DOM nodes without innerHTML
Why?
nodify-string
was created to be used in conjunction with Marked.js. The library converts markdown into an HTML string. In most scenarios, that HTML string is then added to the DOM using an element's innerHTML
method. However, there are possible security risks with using innerHTML
.
To avoid those risks, nodify-string
converts an HTML string like the one generated from Marked.js into a NodeList
or Array
. The output can then be appended to a parent element using the appendChild
method.
Install
Get CDN from UNPKG:
Install via npm or yarn:
npm install --save nodify-string # or yarn add nodify-string
Docs
Basic
Add nodify-string
to your list of scripts at the bottom of your HTML document. Then call the nodifyString
function and pass it an HTML string to nodify. Once you have your list, loop over it and append each node to a parent element.
<!-- index.html -->
Use with Marked.js
Add both nodify-string
and Marked.js to your document. Then go through the same process with the output from the marked
function.
<!-- index.html -->
Settings
An optional second argument passed to the nodifyString
function is a settings object. As of the current version, there is only one option: array
.
By default, nodifyString
will return a NodeList
.