Rename 'allowDangerousHTML' to 'allowDangerousHtml'

lib/index.js

@@ -13,10 +13,21 @@ var handlers = require('./handlers')
 
 var own = {}.hasOwnProperty
 
+var deprecationWarningIssued = false
+
 // Factory to transform.
 function factory(tree, options) {
   var settings = options || {}
-  var dangerous = settings.allowDangerousHTML
+
+  // Issue a warning if the deprecated tag 'allowDangerousHTML' is used
+  if (settings.allowDangerousHTML !== undefined && !deprecationWarningIssued) {
+    deprecationWarningIssued = true
+    console.warn(
+      'mdast-util-to-hast: deprecation: `allowDangerousHTML` is nonstandard, use `allowDangerousHtml` instead'
+    )
+  }
+
+  var dangerous = settings.allowDangerousHtml || settings.allowDangerousHTML
   var footnoteById = {}
 
   h.dangerous = dangerous

readme.md

@@ -63,7 +63,7 @@ Transform the given [mdast][] [tree][] to a [hast][] [tree][].
 
 ##### Options
 
-###### `options.allowDangerousHTML`
+###### `options.allowDangerousHtml`
 
 Whether to allow [`html`][mdast-html] nodes and inject them as raw HTML
 (`boolean`, default: `false`).
@@ -100,7 +100,7 @@ Default behavior:
 
 *   [`yaml`][mdast-yaml] and `toml` nodes are ignored (created by
     [`remark-frontmatter`][remark-frontmatter])
-*   [`html`][mdast-html] nodes are ignored if `allowDangerousHTML` is `false`
+*   [`html`][mdast-html] nodes are ignored if `allowDangerousHtml` is `false`
 *   [`position`][position]s are properly patched
 *   [`node.data.hName`][hname] configures the hast element’s tag-name
 *   [`node.data.hProperties`][hproperties] is mixed into the hast element’s
@@ -217,7 +217,7 @@ Yields, in [hast][] (**note**: the `pre` and `language-js` class are normal
 Use of `mdast-util-to-hast` can open you up to a
 [cross-site scripting (XSS)][xss] attack.
 Embedded hast properties (`hName`, `hProperties`, `hChildren`), custom handlers,
-and the `allowDangerousHTML` option all provide openings.
+and the `allowDangerousHtml` option all provide openings.
 
 The following example shows how a script is injected where a benign code block
 is expected with embedded hast properties:
@@ -263,15 +263,15 @@ Yields:
 <h1>Hello</h1>
 ```
 
-Passing `allowDangerousHTML: true` to `mdast-util-to-hast` is typically still
+Passing `allowDangerousHtml: true` to `mdast-util-to-hast` is typically still
 not enough to run unsafe code:
 
 ```html
 <h1>Hello</h1>
 &#x3C;script>alert(3)&#x3C;/script>
 ```
 
-If `allowDangerousHTML: true` is also given to `hast-util-to-html` (or
+If `allowDangerousHtml: true` is also given to `hast-util-to-html` (or
 `rehype-stringify`), the unsafe code runs:
 
 ```html

test/html.js

@@ -7,10 +7,16 @@ var to = require('..')
 test('HTML', function(t) {
   t.equal(to(u('html', '<mike></mike>')), null, 'should ignore `html`')
 
+  t.deepEqual(
+    to(u('html', '<mike></mike>'), {allowDangerousHtml: true}),
+    u('raw', '<mike></mike>'),
+    'should transform `html` to `raw` if `allowDangerousHtml` is given'
+  )
+
   t.deepEqual(
     to(u('html', '<mike></mike>'), {allowDangerousHTML: true}),
     u('raw', '<mike></mike>'),
-    'should transform `html` to `raw` if `allowDangerousHTML` is given'
+    'should still transform `html` to `raw` if deprecated `allowDangerousHTML` is given'
   )
 
   t.end()

test/table.js

@@ -18,7 +18,7 @@ test('Table', function(t) {
         ]),
         u('tableRow', [u('tableCell', [u('text', 'alpha')])])
       ]),
-      {allowDangerousHTML: true}
+      {allowDangerousHtml: true}
     ),
     u('element', {tagName: 'table', properties: {}}, [
       u('text', '\n'),