在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
开源软件名称(OpenSource Name):erusev/parsedown开源软件地址(OpenSource Url):https://github.com/erusev/parsedown开源编程语言(OpenSource Language):PHP 75.7%开源软件介绍(OpenSource Introduction):ParsedownBetter Markdown Parser in PHP - Demo. Features
InstallationInstall the composer package:
Or download the latest release and include Example$Parsedown = new Parsedown();
echo $Parsedown->text('Hello _Parsedown_!'); # prints: <p>Hello <em>Parsedown</em>!</p> You can also parse inline markdown only: echo $Parsedown->line('Hello _Parsedown_!'); # prints: Hello <em>Parsedown</em>! More examples in the wiki and in this video tutorial. SecurityParsedown is capable of escaping user-input within the HTML that it generates. Additionally Parsedown will apply sanitisation to additional scripting vectors (such as scripting link destinations) that are introduced by the markdown syntax itself. To tell Parsedown that it is processing untrusted user-input, use the following: $Parsedown->setSafeMode(true); If instead, you wish to allow HTML within untrusted user-input, but still want output to be free from XSS it is recommended that you make use of a HTML sanitiser that allows HTML tags to be whitelisted, like HTML Purifier. In both cases you should strongly consider employing defence-in-depth measures, like deploying a Content-Security-Policy (a browser security feature) so that your page is likely to be safe even if an attacker finds a vulnerability in one of the first lines of defence above. Security of Parsedown ExtensionsSafe mode does not necessarily yield safe results when using extensions to Parsedown. Extensions should be evaluated on their own to determine their specific safety against XSS. Escaping HTML
If you wish to escape HTML in trusted input, you can use the following: $Parsedown->setMarkupEscaped(true); Beware that this still allows users to insert unsafe scripting vectors, such as links like QuestionsHow does Parsedown work? It tries to read Markdown like a human. First, it looks at the lines. It’s interested in how the lines start. This helps it recognise blocks. It knows, for example, that if a line starts with a We call this approach "line based". We believe that Parsedown is the first Markdown parser to use it. Since the release of Parsedown, other developers have used the same approach to develop other Markdown parsers in PHP and in other languages. Is it compliant with CommonMark? It passes most of the CommonMark tests. Most of the tests that don't pass deal with cases that are quite uncommon. Still, as CommonMark matures, compliance should improve. Who uses it? Laravel Framework, Bolt CMS, Grav CMS, Herbie CMS, Kirby CMS, October CMS, Pico CMS, Statamic CMS, phpDocumentor, RaspberryPi.org, Symfony Demo and more. How can I help? Use it, star it, share it and if you feel generous, donate. What else should I know? I also make Nota — a writing app designed for Markdown files :) |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论