mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00
Better Markdown Parser in PHP https://parsedown.org
Aidan Woods 054ba3c487
urlencode urls that are potentially unsafe:
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)

this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript&colon;alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script:alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `&colon;`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
2017-05-03 17:01:27 +01:00
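
The approach described in the commit message above, as an added example (not Parsedown's own code and not taken from this commit). The allow-list of scheme prefixes, the function names and the sample URLs are assumptions constructed for illustration.

```php
<?php
// Added example, not Parsedown's code. Prefix list and sample URLs are constructed.
const ALLOWED_PREFIXES = ['http://', 'https://', 'mailto:'];

/**
 * Leave URLs that start with an allow-listed scheme untouched. In anything
 * else, percent-encode ':' and ';' so that no scheme separator can be formed,
 * whether it is written literally or through an HTML entity ending in ';'.
 */
function neutraliseUrl(string $url, array $allowed = ALLOWED_PREFIXES): string
{
    foreach ($allowed as $prefix) {
        // Case-insensitive prefix match: "HTTPS://" is as acceptable as "https://".
        if (strncasecmp($url, $prefix, strlen($prefix)) === 0) {
            return $url;
        }
    }
    // No attempt is made to work out whether the URL "has a protocol":
    // the two characters needed to produce a colon are simply encoded.
    return strtr($url, [':' => '%3A', ';' => '%3B']);
}

/** Build the href attribute; escaping keeps the value inside its quotes. */
function hrefAttribute(string $url): string
{
    $safe = htmlspecialchars(neutraliseUrl($url), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return 'href="' . $safe . '"';
}

// Constructed inputs: one allow-listed absolute URL, one relative URL that
// contains a colon, and the three forms mentioned in the commit message.
$samples = [
    'https://example.com/a:b',
    '/wiki/Help:Contents',
    'javascript:alert(1)',
    'javascript&colon;alert(1)',
    "jav\ta\0\0script:alert(1)",
];

foreach ($samples as $url) {
    // addcslashes() makes the tab and NUL bytes visible in terminal output.
    $shown = addcslashes($url, "\0..\37");
    printf("%-34s => %s\n", $shown, addcslashes(hrefAttribute($url), "\0..\37"));
}
```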
test urlencode urls that are potentially unsafe: 2017-05-03 17:01:27 +01:00
.travis.yml Added PHP version 7.1 for tests 2016-10-09 01:58:47 +02:00
composer.json Update composer.json requirements 2016-01-06 19:44:53 +01:00
LICENSE.txt improve license 2013-07-24 01:38:38 +03:00
Parsedown.php urlencode urls that are potentially unsafe: 2017-05-03 17:01:27 +01:00
phpunit.xml.dist improve extensibility of test case 2014-09-26 02:06:16 +03:00
README.md Add Symfony demo to "Who uses it?" 2017-03-10 01:04:53 +02:00

You might also like Caret - our Markdown editor for Mac / Windows / Linux.

Parsedown

Better Markdown Parser in PHP

Demo | Benchmarks | Tests | Documentation

Features

Installation

Include Parsedown.php or install the composer package.

Example

$Parsedown = new Parsedown();

echo $Parsedown->text('Hello _Parsedown_!'); # prints: <p>Hello <em>Parsedown</em>!</p>

More examples in the wiki and in this video tutorial.

Questions

How does Parsedown work?

It tries to read Markdown like a human. First, it looks at the lines. It's interested in how the lines start. This helps it recognise blocks. It knows, for example, that if a line starts with a - then perhaps it belongs to a list. Once it recognises the blocks, it continues to the content. As it reads, it watches out for special characters. This helps it recognise inline elements (or inlines).

We call this approach "line based". We believe that Parsedown is the first Markdown parser to use it. Since the release of Parsedown, other developers have used the same approach to develop other Markdown parsers in PHP and in other languages.

Is it compliant with CommonMark?

It passes most of the CommonMark tests. Most of the tests that don't pass deal with cases that are quite uncommon. Still, as CommonMark matures, compliance should improve.

Who uses it?

phpDocumentor, October CMS, Bolt CMS, Kirby CMS, Grav CMS, Statamic CMS, Herbie CMS, RaspberryPi.org, Symfony demo and more.

How can I help?

Use it, star it, share it and if you feel generous, donate.