If you are first-time user of the Storyblok, read the Getting Started guide to get a project ready in less than 5 minutes.
npm install @storyblok/richtextor yarn:
yarn add @storyblok/richtextor pnpm:
pnpm add @storyblok/richtextimport { richTextResolver } from '@storyblok/richtext';
const { render } = richTextResolver();
const html = render(doc);
document.querySelector<HTMLDivElement>('#app')!.innerHTML = `
<div>
${html}
</div>
`;To overwrite an existing resolver, you can pass a property called resolvers available on the richTextResolver options.
import { MarkTypes, richTextResolver } from '@storyblok/richtext';
const html = richTextResolver({
resolvers: {
[MarkTypes.LINK]: (node) => {
return `<button href="${node.attrs?.href}" target="${node.attrs?.target}">${node.children}</button>`;
},
},
}).render(doc);It is possible to ensure correct typing support in a framework-agnostic way by using Typescript Generics
- Vanilla
string - Vue
VNode - React
React.ReactElement
This way the @storyblok/richtext is ignorant of framework specific types, avoiding having to import them and having vue react etc as dependencies.
// Vanilla
const options: StoryblokRichTextOptions<string> = {
resolvers: {
[MarkTypes.LINK]: (node: Node<string>) => {
return `<button href="${node.attrs?.href}" target="${node.attrs?.target}">${node.children}</button>`;
},
},
};
const html = richTextResolver<string>(options).render(doc);// Vue
const options: StoryblokRichTextOptions<VNode> = {
renderFn: h,
keyedResolvers: true,
};
const root = () => richTextResolver<VNode>(options).render(doc);// React
const options: StoryblokRichTextOptions<React.ReactElement> = {
renderFn: React.createElement,
keyedResolvers: true,
};
const root = () => richTextResolver<React.ReactElement>(options).render(doc);To optimize images in the richtext, you can use the optimizeImages property on the richTextResolver options. For the full list of available options, check the Image Optimization documentation.
import { richTextResolver } from '@storyblok/richtext';
const html = richTextResolver({
optimizeImages: {
class: 'my-peformant-image',
loading: 'lazy',
width: 800,
height: 600,
srcset: [400, 800, 1200, 1600],
sizes: ['(max-width: 400px) 100vw', '50vw'],
filters: {
format: 'webp',
quality: 10,
grayscale: true,
blur: 10,
brightness: 10,
},
},
}).render(doc);Warning
This package does not provide proper HTML sanitization by default
The @storyblok/richtext package primarly converts rich text content into HTML strings, which can then be rendered into the DOM of a web page. This means that any HTML output generated by the rich text resolver includes the raw content as it is defined in Storyblok, which may potentially include harmful or malicious scripts.
Injecting unsanitized HTML into your web application can expose it to cross-site scripting (XSS) attacks. XSS attacks can allow attackers to execute malicious scripts in the context of your website, potentially leading to data theft, session hijacking, and other security breaches.
As a developer using @storyblok/richtext, you are responsible for sanitizing the HTML output from the rich text resolver before injecting it into the DOM. This precaution helps prevent XSS attacks and ensures a safer web environment for your users.
To assist you in sanitizing HTML content, we recommend using the following library:
-
sanitize-html: A simple HTML sanitizer with a flexible API that can adjust to a wide range of applications.
GitHub: sanitize-html
Here is an example of how you might sanitize HTML output using sanitize-html before rendering it to the DOM:
import sanitizeHtml from 'sanitize-html';
import { richTextResolver } from '@storyblok/richtext';
const html = richTextResolver().render(yourRichTextContent);
const sanitizedHTML = sanitizeHtml(html, {
allowedTags: sanitizeHtml.defaults.allowedTags.concat(['img', 'figure', 'figcaption']),
allowedAttributes: {
...sanitizeHtml.defaults.allowedAttributes,
img: ['src', 'alt', 'title']
}
});
document.getElementById('your-element-id').innerHTML = sanitizedHTML;pnpm install
This command will install the dependencies for the workspace, including the dependencies for the playgrounds under /playground and different framework wrappers /packages
To run the vanilla Typescript playground:
pnpm run playgroundVue playground:
pnpm run playground:vueReact playground:
pnpm run playground:reactAlternatively you can run the following command to run all the playgrounds:
pnpm run playground:allTo build the core package:
pnpm run buildTo build the wrappers under /packages:
pnpm run build:packagesTo lint the core package:
pnpm run lintTo lint the wrappers under /packages:
pnpm run lint:packagesAlternatively, you can run the following command to fix the linting issues:
pnpm run lint:fixTo run the tests for the core package:
pnpm run test- Storyblok Technology Hub: Storyblok integrates with every framework so that you are free to choose the best fit for your project. We prepared the technology hub so that you can find selected beginner tutorials, videos, boilerplates, and even cheatsheets all in one place.
- Getting Started: Get a project ready in less than 5 minutes.
- Storyblok CLI: A simple CLI for scaffolding Storyblok projects and fieldtypes.
- Bugs or Feature Requests? Submit an issue.
- Do you have questions about Storyblok or you need help? Join our Discord Community.
Please see our contributing guidelines and our code of conduct. This project use semantic-release for generate new versions by using commit messages and we use the Angular Convention to naming the commits. Check this question about it in semantic-release FAQ