rehype-external-links

rehype plugin to add rel (and target) to external links.

Contents

• What is this?
• When should I use this?
• Install
• Use
• API
  • unified().use(rehypeExternalLinks[, options])
  • CreateContent
  • CreateProperties
  • CreateRel
  • CreateTarget
  • Options
  • Target
• Types
• Compatibility
• Security
• Contribute
• License

What is this?

This package is a unified (rehype) plugin to add rel (and target) attributes to external links. It is particularly useful when displaying user content on your reputable site, because users could link to disreputable sources (spam, scams, etc), as search engines and other bots will discredit your site for linking to them (or legitimize their sites). In short: linking to something signals trust, but you can’t trust users. This plugin adds certain rel attributes to prevent that from happening.

unified is a project that transforms content with abstract syntax trees (ASTs). rehype adds support for HTML to unified. hast is the HTML AST that rehype uses. This is a rehype plugin that adds rel (and target) to <a>s in the AST.

When should I use this?

This project is useful when you want to display user content from authors you don’t trust (such as comments), as they might include links you don’t endorse, on your website.

Install

This package is ESM only. In Node.js (version 16+), install with npm:

1npm install rehype-external-links

In Deno with esm.sh:

1import rehypeExternalLinks from 'https://esm.sh/rehype-external-links@3'

In browsers with esm.sh:

1<script type="module">
2  import rehypeExternalLinks from 'https://esm.sh/rehype-external-links@3?bundle'
3</script>

Use

Say our module example.js contains:

1import rehypeExternalLinks from 'rehype-external-links'
2import remarkParse from 'remark-parse'
3import remarkRehype from 'remark-rehype'
4import rehypeStringify from 'rehype-stringify'
5import {unified} from 'unified'
6
7const file = await unified()
8  .use(remarkParse)
9  .use(remarkRehype)
10  .use(rehypeExternalLinks, {rel: ['nofollow']})
11  .use(rehypeStringify)
12  .process('[rehype](https://github.com/rehypejs/rehype)')
13
14console.log(String(file))

…then running node example.js yields:

1<p><a href="https://github.com/rehypejs/rehype" rel="nofollow">rehype</a></p>

API

This package exports no identifiers. The default export is rehypeExternalLinks.

unified().use(rehypeExternalLinks[, options])

Automatically add rel (and target?) to external links.

Parameters

• options (Options, optional) — configuration

Returns

Transform (Transformer).

Notes

You should likely not configure target.

You should at least set rel to ['nofollow']. When using a target, add noopener and noreferrer to avoid exploitation of the window.opener API.

When using a target, you should set content to adhere to accessibility guidelines by giving users advanced warning when opening a new window.

CreateContent

Create a target for the element (TypeScript type).

Parameters

• element (Element) — element to check

Returns

Content to add (Array<Node> or Node, optional).

CreateProperties

Create properties for an element (TypeScript type).

Parameters

• element (Element) — element to check

Returns

Properties to add (Properties, optional).

CreateRel

Create a rel for the element (TypeScript type).

Parameters

• element (Element) — element to check

Returns

rel to use (Array<string>, optional).

CreateTarget

Create a target for the element (TypeScript type).

Parameters

• element (Element) — element to check

Returns

target to use (Target, optional).

Options

Configuration (TypeScript type).

Fields

• content (Array<Node>, CreateContent, or Node, optional) — content to insert at the end of external links; will be inserted in a <span> element; useful for improving accessibility by giving users advanced warning when opening a new window
• contentProperties (CreateProperties or Properties, optional) — properties to add to the span wrapping content
• properties (CreateProperties or Properties, optional) — properties to add to the link itself
• protocols (Array<string>, default: ['http', 'https']) — protocols to see as external, such as mailto or tel
• rel (Array<string>, CreateRel, or string, default: ['nofollow']) — link types to hint about the referenced documents; pass an empty array ([]) to not set rels on links; when using a target, add noopener and noreferrer to avoid exploitation of the window.opener API
• target (CreateTarget or Target, optional) — how to display referenced documents; the default (nothing) is to not set targets on links
• test (Test, optional) — extra test to define which external link elements are modified; any test that can be given to hast-util-is-element is supported

Target

Target (TypeScript type).

Type

1type Target = '_blank' | '_parent' | '_self' | '_top'

Types

This package is fully typed with TypeScript. It exports the additional types CreateContent, CreateProperties, CreateRel, CreateTarget, Options, and Target.

Compatibility

Projects maintained by the unified collective are compatible with maintained versions of Node.js.

When we cut a new major release, we drop support for unmaintained versions of Node. This means we try to keep the current release line, rehype-external-links@^3, compatible with Node.js 16.

This plugin works with rehype-parse version 3+, rehype-stringify version 3+, rehype version 4+, and unified version 6+.

Security

Improper use of rehype-external-links can open you up to a cross-site scripting (XSS) attack.

Either do not combine this plugin with user content or use rehype-sanitize.

Contribute

See contributing.md in rehypejs/.github for ways to get started. See support.md for ways to get help.

This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.

License

MIT © Titus Wormer