Deploying on the Web

⚠️ Warning

bml should never be run on untrusted user input. It allows the evaluation of arbitrary javascript, making it trivial to perform cross-site-scripting attacks on sites that, for example, might support bml in a user comment section. Don’t do this!

Using hosted and prebuilt artifacts

The easiest way to pull BML into your website is using the jsdelivr hosted artifacts. Simply add this tag to the <head> section of your page:

<script src=""></script>

Once loaded, bml is exposed by a single method which takes a string of markup and returns a rendered output string.

    document.getElementById("someTargetId").innerHTML =
        bml("some bml loaded as a js string");

ℹ️ Note

While CDN-hosted libraries are convenient, many prefer to self-host their dependencies for security, privacy, and reliability reasons. You can do this by downloading the bundle from the CDN or building it yourself, and hosting it from your website directly.

Building artifacts yourself

You can also build these artifacts yourself by cloning the BML repository and from within it running:

npm install
npm run build

This will produce a compiled and polyfilled file at dist/bml.bundle.js ready to be pulled into your site and used in most browsers we know about.

<script src="/path/to/bml.bundle.js"></script>

Using through an NPM Dependency

If your website is built using NPM (as in React sites, for example), BML can be added as a dependency in your site’s package.json.

  "dependencies": {
    "bml": "0.0.35"

Once added, BML can be imported in your Javascript code like any other package

const bml = require('bml');
console.log(bml("some bml code"));