{"id":16094,"library":"js-bbcode-parser","title":"BBCode Parser for JavaScript","description":"The `js-bbcode-parser` library offers a simple and efficient solution for converting BBCode markup into HTML. Currently, at version 5.1.0, the package demonstrates an active development lifecycle with consistent updates within the v5 series since its major release. Its core strength lies in its configurability, allowing developers to extend the parser with custom BBCode tags and their corresponding HTML output. A crucial distinction is its explicit design choice *not* to include built-in XSS protection; implementers are responsible for sanitizing all user-generated input to prevent potential cross-site scripting vulnerabilities, making it a powerful but security-conscious tool. The library supports a comprehensive set of default BBCode tags, including formatting (`[b]`, `[i]`, `[u]`), headings (`[h1]` to `[h6]`), paragraphs (`[p]`), styling (`[color]`, `[size]`), and media (`[img]`, `[email]`). It also handles attributes like `class` and `data-*` within tags, providing flexibility for styled output. Its simple API makes integration straightforward, either by using a pre-configured default parser instance or by creating custom instances for more fine-grained control over the parsing rules.","status":"active","version":"5.1.0","language":"javascript","source_language":"en","source_url":"https://github.com/DasRed/js-bbcode-parser","tags":["javascript","bbcode","parser"],"install":[{"cmd":"npm install js-bbcode-parser","lang":"bash","label":"npm"},{"cmd":"yarn add js-bbcode-parser","lang":"bash","label":"yarn"},{"cmd":"pnpm add js-bbcode-parser","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This imports the default pre-configured parser instance, ready for use.","wrong":"import { bbCodeParser } from 'js-bbcode-parser';","symbol":"bbCodeParser","correct":"import bbCodeParser from 'js-bbcode-parser';"},{"note":"This imports the class constructor for creating custom parser instances. Note the explicit path to 'src/index.js'.","wrong":"import { BBCodeParser } from 'js-bbcode-parser';","symbol":"BBCodeParser","correct":"import BBCodeParser from 'js-bbcode-parser/src/index.js';"},{"note":"For CommonJS environments, the default export needs to be accessed via '.default' due to ESM interop.","wrong":"const bbCodeParser = require('js-bbcode-parser');","symbol":"bbCodeParser (CommonJS)","correct":"const bbCodeParser = require('js-bbcode-parser').default;"}],"quickstart":{"code":"import bbCodeParser from 'js-bbcode-parser';\nimport BBCodeParser from 'js-bbcode-parser/src/index.js';\n\n// Use the default pre-configured parser\nconst defaultParsed = bbCodeParser.parse('Hello [b]World[/b]! This is a [color=#FF0000]red[/color] text.');\nconsole.log('Default Parser Output:', defaultParsed);\n// Expected: \"Hello <strong>World</strong>! This is a <span style=\"color:#FF0000\">red</span> text.\"\n\n// Create a custom parser instance and add a custom tag\nconst customParser = new BBCodeParser({});\ncustomParser.addCode(\n  'mention',\n  (content, attr) => `<a href=\"/users/${attr.id}\">@${content}</a>`,\n  ['id'], // Required attribute\n  []    // Optional attributes\n);\n\nconst customParsed = customParser.parse('[mention id=123]Alice[/mention] says hello.');\nconsole.log('Custom Parser Output:', customParsed);\n// Expected: \"<a href=\"/users/123\">@Alice</a> says hello.\"\n\n// IMPORTANT: Sanitize user input before parsing, as this library does not provide XSS protection.\nconst userInput = '[b]Bold text[/b] and potentially malicious <img src=x onerror=alert(1)> content.';\n// In a real application, use a dedicated HTML sanitizer library here, e.g., DOMPurify\n// Example of basic (non-robust) sanitization (DO NOT rely on this for production XSS prevention!)\nconst basicSanitizedInput = userInput.replace(/<script[^>]*>.*?<\\/script>/gi, '');\nconst parsedAndSanitized = bbCodeParser.parse(basicSanitizedInput);\nconsole.log('Sanitized Input Output:', parsedAndSanitized);\n","lang":"javascript","description":"Demonstrates basic usage of the default parser, how to create and configure a custom parser with new BBCode tags, and highlights the critical need for XSS sanitization."},"warnings":[{"fix":"Review the v5.x documentation for new instantiation patterns (e.g., `new BBCodeParser({})`) and configuration methods (e.g., `parser.addCode()` or `parser.setCodes()`).","message":"Major API changes occurred between v2.x and v5.x, particularly concerning parser instantiation and configuration. Users upgrading from v2.x will need to refactor their code, especially around how custom codes are defined and applied.","severity":"breaking","affected_versions":">=5.0.0"},{"fix":"Always pass the parsed HTML output through a dedicated HTML sanitization library (e.g., DOMPurify) before rendering it in a browser or storing it. Do not rely on this library for XSS protection.","message":"js-bbcode-parser explicitly does not sanitize user input for XSS vulnerabilities. Developers MUST implement their own robust sanitization measures on the output HTML, especially when parsing untrusted user-generated content.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Ensure you use `import BBCodeParser from 'js-bbcode-parser/src/index.js';` for the class constructor. Be aware that changes to internal paths are possible in future major versions.","message":"Importing the class constructor `BBCodeParser` requires a specific path (`js-bbcode-parser/src/index.js`). While documented, relying on `src` paths might be less stable than official entry points for future versions.","severity":"gotcha","affected_versions":">=5.0.0"}],"env_vars":null,"last_verified":"2026-04-21T00:00:00.000Z","next_check":"2026-07-20T00:00:00.000Z","problems":[{"fix":"For CommonJS, use `const bbCodeParser = require('js-bbcode-parser').default;`. For ES Modules, ensure you are importing the default export correctly: `import bbCodeParser from 'js-bbcode-parser';`.","cause":"Incorrect import or CommonJS require statement attempting to call 'parse' directly on the module object instead of the default export.","error":"TypeError: bbCodeParser.parse is not a function"},{"fix":"Import the class constructor with `import BBCodeParser from 'js-bbcode-parser/src/index.js';`.","cause":"Attempting to create a new parser instance using `new BBCodeParser()` without importing the class constructor from its specific path.","error":"ReferenceError: BBCodeParser is not defined"},{"fix":"Register the custom BBCode tag using `parser.addCode('mycustomtag', (content) => `<div>${content}</div>');` before parsing the string.","cause":"A BBCode tag was used in the input string that has not been registered with the parser instance.","error":"Error: Unknown BBCode tag [mycustomtag]"}],"ecosystem":"npm"}