Generative DOM

Appearance

markdown-link

Handles inline links, images, and autolinks with URL validation and protocol whitelisting.

Details

PropertyValue
Namemarkdown-link
Priority200
TypeInline
FactorymarkdownLink()

What It Handles

markdown
[Link text](https://example.com)
[Link with title](https://example.com "Example Site")

Renders as:

html
<a href="https://example.com">Link text</a>
<a href="https://example.com" title="Example Site">Link with title</a>

Images

markdown
![Alt text](https://example.com/image.png)
![Alt text](https://example.com/image.png "Image title")

Renders as:

html
<img src="https://example.com/image.png" alt="Alt text" loading="lazy">
<img src="https://example.com/image.png" alt="Alt text" title="Image title" loading="lazy">

Images automatically receive loading="lazy" for performance.

markdown
<https://example.com>
<mailto:user@example.com>

Renders as:

html
<a href="https://example.com">https://example.com</a>
<a href="mailto:user@example.com">user@example.com</a>

Link Text with Inline Formatting

Link text supports inline formatting:

markdown
[**Bold link**](https://example.com)
[`Code link`](https://example.com)
[*Italic* link](https://example.com)

URL Security

URLs are validated against a protocol whitelist:

ElementAllowed Protocols
Linkshttps:, http:, mailto:
Imageshttps:, http:

Blocked URLs are stripped. The element is rendered without the href or src attribute:

markdown
[click](javascript:alert('xss'))    --> <a>click</a> (no href)
![img](data:text/html,...)          --> <img alt="img"> (no src)

This blocking covers:

  • javascript: URLs
  • data: URLs
  • vbscript: URLs
  • URL-encoded variants (java%73cript:)
  • Case variations (JaVaScRiPt:)
  • Null byte injections

API

ts
import { markdownLink } from '@generative-dom/plugins';

const plugin = markdownLink();

No configuration options.

Edge Cases

  • Parentheses in URLs must be balanced or escaped: [link](https://en.wikipedia.org/wiki/URL_(disambiguation))
  • Empty link text is valid: [](https://example.com)
  • Empty URL is valid: [text]()
  • Nested square brackets in link text: [text [with brackets]](url)
  • Title strings can use single quotes, double quotes, or parentheses as delimiters
  • Stream splits inside links ([text](ur + l)) are handled by the buffer

Rendering

SyntaxOutput Element
[text](url)<a href="url">
![alt](src)<img src="src" alt="alt" loading="lazy">
<url><a href="url"> (autolink)