mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00
Better Markdown Parser in PHP https://parsedown.org
2018-02-28 17:03:46 +00:00
test Merge pull request #495 from aidantwoods/anti-xss 2018-02-28 13:41:37 +02:00
.gitattributes Create .gitattributes 2016-06-24 14:18:01 +02:00
.travis.yml Rewrite Travis CI 2017-11-14 15:19:24 -02:00
composer.json Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase 2017-11-11 00:56:03 -02:00
LICENSE.txt Update LICENSE.txt 2018-01-01 14:09:31 +01:00
Parsedown.php Merge pull request #495 from aidantwoods/anti-xss 2018-02-28 13:41:37 +02:00
phpunit.xml.dist Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase 2017-11-11 00:56:03 -02:00
README.md Talk about safe mode in the README 2018-02-28 17:03:46 +00:00

I also make Caret - a Markdown editor for Mac and PC.

Parsedown

Better Markdown Parser in PHP

Demo | Benchmarks | Tests | Documentation

Features

Installation

Include Parsedown.php or install the composer package.

Example

$Parsedown = new Parsedown();

echo $Parsedown->text('Hello _Parsedown_!'); # prints: <p>Hello <em>Parsedown</em>!</p>

More examples in the wiki and in this video tutorial.

Security

Parsedown is capable of escaping user input within the HTML that it generates. Additionally, Parsedown can attempt to sanitize additional scripting vectors (such as scripting link destinations). To tell Parsedown that it is processing untrusted user input, use the following:

$parsedown = new Parsedown;
$parsedown->setSafeMode(true);

It is recommended that when you deal with untrusted content (e.g. user comments) you employ defense-in-depth measures, such as an HTML sanitizer that allows HTML tags to be whitelisted, like HTML Purifier. Additionally, you should strongly consider deploying a Content-Security-Policy.
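The layering recommended above, as an added example that is not part of the Parsedown README or code base: safe mode first, then an HTML Purifier allowlist, then a Content-Security-Policy header. It assumes both libraries are installed with Composer (`erusev/parsedown`, `ezyang/htmlpurifier`); the helper name `renderUntrustedMarkdown`, the tag allowlist and the policy string are illustrative choices, and the sample comment is constructed.

```php
<?php
// Added example, not Parsedown's own code.
// Assumes: composer require erusev/parsedown ezyang/htmlpurifier
require __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper: render untrusted Markdown through two independent layers.
 */
function renderUntrustedMarkdown(string $markdown): string
{
    // Layer 1: tell Parsedown the input is untrusted, so it escapes raw HTML
    // and sanitizes scripting link destinations.
    $parsedown = new Parsedown();
    $parsedown->setSafeMode(true);
    $html = $parsedown->text($markdown);

    // Layer 2: allowlist sanitizer. Anything not listed here is dropped,
    // even if a future parser bug lets it through layer 1.
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.DefinitionImpl', null); // no on-disk definition cache
    $config->set('HTML.Allowed', 'p,br,em,strong,code,pre,blockquote,ul,ol,li,a[href]');
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);

    return (new HTMLPurifier($config))->purify($html);
}

// Layer 3: a Content-Security-Policy so that markup which slips past both
// layers still cannot run inline script. The policy is an illustrative
// baseline; adapt it to what the site actually loads.
if (PHP_SAPI !== 'cli' && !headers_sent()) {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
}

// Constructed sample of an untrusted user comment.
$comment = <<<'MD'
Hello _Parsedown_!

<script>alert(1)</script>

[profile](javascript:alert(1)) and [docs](https://parsedown.org)
MD;

echo renderUntrustedMarkdown($comment), "\n";
```

Build the HTMLPurifier instance once and reuse it when rendering many comments, since constructing the configuration is the expensive part.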

Questions

How does Parsedown work?

It tries to read Markdown like a human. First, it looks at the lines. It's interested in how the lines start. This helps it recognise blocks. It knows, for example, that if a line starts with a - then perhaps it belongs to a list. Once it recognises the blocks, it continues to the content. As it reads, it watches out for special characters. This helps it recognise inline elements (or inlines).

We call this approach "line based". We believe that Parsedown is the first Markdown parser to use it. Since the release of Parsedown, other developers have used the same approach to develop other Markdown parsers in PHP and in other languages.

Is it compliant with CommonMark?

It passes most of the CommonMark tests. Most of the tests that don't pass deal with cases that are quite uncommon. Still, as CommonMark matures, compliance should improve.

Who uses it?

phpDocumentor, October CMS, Bolt CMS, Kirby CMS, Grav CMS, Statamic CMS, Herbie CMS, RaspberryPi.org, Symfony demo and more.

How can I help?

Use it, star it, share it and if you feel generous, donate.