Valvoıd.
search hotlink icon profile hotlink icon
Pa public|1.7.4

Package Info

Better Markdown Parser in PHP.

Repository

gitlab.com

Activity

  • Created on Jan 16, 2025
  • Updated on Mar 13, 2025

Statistics

  • 8 requests
  • 1 versions

Build Methods

Nested Dependency

To build this package as a nested dependency of your package, add its default registry source valvoid.com/valvoid/parsedown/1.7.4 to one of your metadata files. For example, you can include it in the production fusion.json file, such as: 

{
    "name": "Package",
    "description": "An example source package.",
    "id": "source/package",
    "version": "0.1.0",
    "structure": {
        "/cache": "cache",
        "/dependencies": [
            "valvoid.com/valvoid/parsedown/1.7.4"
        ]
    },
    "environment": {
        "php": {
            "version": "8.1.0"
        }
    }
}

Standalone

To build this package as an independent root package, extend the build command with the default registry source valvoid.com/valvoid/parsedown/1.7.4 as follows: 

fusion build build.source=valvoid.com/valvoid/parsedown/1.7.4

Optional Repository Source

In addition, to build an offset reference version, replace the default registry source in installation methods mentioned above with the VCS source prefix gitlab.com/valvoid/parsedown/, and refer to the linked source code repository for possible branches, commits, and tags to use as the suffix.

Metadata

The synchronized package's metadata file, fusion.json, contains the following content: 

{
  "name": "Parsedown",
  "description": "Parser for Markdown.",
  "id" : "valvoid/parsedown",
  "version" : "1.7.4",
  "structure": {
    "/cache": "cache"
  },
  "environment": {
    "php": {
      "version": "8.1.0"
    }
  }
}

Readme

Parsedown

This is a wrapper for the Fusion package manager, featuring a fusion.json metadata file and the strict Valvoid\Parsedown id/namespace.

I also make Caret - a Markdown editor for Mac and PC.

Build Status

Better Markdown Parser in PHP

Demo | Benchmarks | Tests | Documentation

Features

Installation

Include Parsedown.php.

Example

$Parsedown = new Parsedown();

echo $Parsedown->text('Hello _Parsedown_!'); # prints: Hello Parsedown!

More examples in the wiki and in this video tutorial.

Security

Parsedown is capable of escaping user-input within the HTML that it generates. Additionally Parsedown will apply sanitisation to additional scripting vectors (such as scripting link destinations) that are introduced by the markdown syntax itself.

To tell Parsedown that it is processing untrusted user-input, use the following:

$parsedown = new Parsedown;
$parsedown->setSafeMode(true);

If instead, you wish to allow HTML within untrusted user-input, but still want output to be free from XSS it is recommended that you make use of a HTML sanitiser that allows HTML tags to be whitelisted, like HTML Purifier.

In both cases you should strongly consider employing defence-in-depth measures, like deploying a Content-Security-Policy (a browser security feature) so that your page is likely to be safe even if an attacker finds a vulnerability in one of the first lines of defence above.

Security of Parsedown Extensions

Safe mode does not necessarily yield safe results when using extensions to Parsedown. Extensions should be evaluated on their own to determine their specific safety against XSS.

Escaping HTML

⚠️  WARNING: This method isn't safe from XSS!

If you wish to escape HTML in trusted input, you can use the following:

$parsedown = new Parsedown;
$parsedown->setMarkupEscaped(true);

Beware that this still allows users to insert unsafe scripting vectors, such as links like [xss](javascript:alert%281%29).

Questions

How does Parsedown work?

It tries to read Markdown like a human. First, it looks at the lines. It’s interested in how the lines start. This helps it recognise blocks. It knows, for example, that if a line starts with a - then perhaps it belongs to a list. Once it recognises the blocks, it continues to the content. As it reads, it watches out for special characters. This helps it recognise inline elements (or inlines).

We call this approach "line based". We believe that Parsedown is the first Markdown parser to use it. Since the release of Parsedown, other developers have used the same approach to develop other Markdown parsers in PHP and in other languages.

Is it compliant with CommonMark?

It passes most of the CommonMark tests. Most of the tests that don't pass deal with cases that are quite uncommon. Still, as CommonMark matures, compliance should improve.

Who uses it?

Laravel Framework, Bolt CMS, Grav CMS, Herbie CMS, Kirby CMS, October CMS, Pico CMS, Statamic CMS, phpDocumentor, RaspberryPi.org, Symfony demo and more.

How can I help?

Use it, star it, share it and if you feel generous, donate.