Rename allowDangerousHTML > allowDangerousHtml

syntax-tree · Jan 16, 2020 · 0ff62a4 · 0ff62a4
1 parent 91f9eba
commit 0ff62a4
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 5 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -11,6 +11,8 @@ module.exports = toHtml
 var quotationMark = '"'
 var apostrophe = "'"
 
+var deprecationWarningIssued = false
+
 function toHtml(node, options) {
   var settings = options || {}
   var quote = settings.quote || quotationMark
@@ -29,6 +31,15 @@ function toHtml(node, options) {
     )
   }
 
+  if (settings.allowDangerousHTML !== undefined) {
+    if (!deprecationWarningIssued) {
+      deprecationWarningIssued = true
+      console.warn(
+        'Deprecation warning: `allowDangerousHTML` is a nonstandard option, use `allowDangerousHtml` instead'
+      )
+    }
+  }
+
   return one(
     {
       valid: settings.allowParseErrors ? 0 : 1,
@@ -44,7 +55,7 @@ function toHtml(node, options) {
       tightLists: settings.tightCommaSeparatedLists,
       tightClose: settings.tightSelfClosing,
       collapseEmpty: settings.collapseEmptyAttributes,
-      dangerous: settings.allowDangerousHTML,
+      dangerous: settings.allowDangerousHtml || settings.allowDangerousHTML,
       voids: settings.voids || voids.concat(),
       entities: settings.entities || {},
       close: settings.closeSelfClosing,

diff --git a/readme.md b/readme.md
@@ -166,7 +166,7 @@ Do not encode some characters which cause XSS vulnerabilities in older browsers
 (`boolean`, default: `false`).
 **Note**: Only set this if you completely trust the content.
 
-###### `options.allowDangerousHTML`
+###### `options.allowDangerousHtml`
 
 Allow `raw` nodes and insert them as raw HTML.
 When falsey, encodes `raw` nodes (`boolean`, default: `false`).

diff --git a/test/raw.js b/test/raw.js
@@ -11,10 +11,21 @@ test('`element`', function(t) {
     'should encode `raw`s'
   )
 
+  t.deepEqual(
+    to(u('raw', '<script>alert("XSS!")</script>'), {allowDangerousHtml: true}),
+    '<script>alert("XSS!")</script>',
+    'should not encode `raw`s in `allowDangerousHtml` mode'
+  )
+
+  t.deepEqual(
+    to(u('raw', '<script>alert("XSS!")</script>'), {allowDangerousHTML: true}),
+    '<script>alert("XSS!")</script>',
+    'should support the legacy `allowDangerousHTML` (#1)'
+  )
   t.deepEqual(
     to(u('raw', '<script>alert("XSS!")</script>'), {allowDangerousHTML: true}),
     '<script>alert("XSS!")</script>',
-    'should not encode `raw`s in `allowDangerousHTML` mode'
+    'should support the legacy `allowDangerousHTML` (#2)'
   )
 
   t.end()

diff --git a/types/index.d.ts b/types/index.d.ts
@@ -164,7 +164,7 @@ declare namespace hastUtilToHtml {
      *
      * @defaultValue false
      */
-    allowDangerousHTML: boolean
+    allowDangerousHtml: boolean
   }
 }
 

diff --git a/types/tests.ts b/types/tests.ts
@@ -69,5 +69,5 @@ toHtml(node, {
   allowDangerousCharacters: true
 })
 toHtml(node, {
-  allowDangerousHTML: true
+  allowDangerousHtml: true
 })