html-inject-meta
Stream meta tags into html
Introduction
Add metadata tags to a stream of html so that it looks pretty when you share it. See: indexhtmlify#5.
Installation
$ npm i html-inject-meta
Usage
html-inject-meta
is designed to just work without much configuration, but allows overrides when necessary. The input must be valid html containing head
and title
tags. Insertion of the meta
tags is not idempotent. Used without any arguments, the command line version looks for the nearest package.json
. For example:
$ html-inject-meta < input.html
Given package.json
:
and given a minimal html input
-
it produces the output:
html-inject-meta
If you don't want to pollute your package.json
with metadata for sharing, you can override the defaults by adding a html-inject-meta
field to your package.json
, e.g:
Even better, use it with indexhtmlify:
$ browserify index.js | indexhtmlify | html-inject-meta > index.html
To override the nearest package.json
with your own input JSON:
$ html-inject-meta --input=mydata.json < input.html
You can disable json input with --no-input
and instead specify fields on the command line:
$ html-inject-meta --no-input --title="My page!" --description="A description..." --author="My Name" < input.html
If you need further customization or more specificity, look in the code to see the precise logic. PRs with improvements are welcome!
API
require('html-inject-meta')([data])
Returns a transform stream that applies to a stream of html the changes specified in data
. The format of data
identically matches the format of package.json
that is read by the command line version, including the optional html-inject-meta
field.
NB: My only use-case for this module is for building static pages. I've done my best to escape entities so that scrapers handle the meta tags well. Escaping via the entities module is too strong so that entities show up in the scraped data. Instead I've escaped &
, "
, <
and >
which should provide basic sanitization, but you should exercise caution if passing end-user data through to a publicly distributed page. I'm not willing to assert that malicious injection is absolutely impossible. But realistically it seems fine to me and not like the intended use case anyway. I mean why would you construct your own malicious package.json? I just feel like it's important to be transparent about this. Please don't hesitate to file an issue or PR with any issues or concerns.
See also
This module is heaviliy inspired by and works great with indexhtmlify. Many thanks to Dima Yv for the initial inspiration.
License
© 2016 Ricky Reusser. MIT License.