Parsedown

Better Markdown Parser in PHP
Alternatives To Parsedown
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Parsedown14,43952,8927522 months ago80May 21, 2022143mitPHP
Better Markdown Parser in PHP
Grav14,0322216 days ago275July 18, 2023421mitPHP
Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS powered by PHP, Markdown, Twig, and Symfony
Zola11,624
2 days ago6June 19, 2017225mitRust
A fast static site generator in a single binary with everything built-in. https://www.getzola.org
Tinacms9,3455933 days ago197August 01, 202358apache-2.0TypeScript
A fully open-source headless CMS that supports Git and Visual Editing
Pico3,7261382 months ago36August 29, 202014mitPHP
Pico is a stupidly simple, blazing fast, flat file CMS.
Mdwiki2,869
5 years ago120otherJavaScript
CMS/Wiki system using Javascript for 100% client side single page application using Markdown.
Content2,7591703 days ago53July 25, 2023305mitTypeScript
The file-based CMS for your Nuxt application, powered by Markdown and Vue components.
Awesome Static Generators2,313
a month ago4cc0-1.0
A curated list of static web site generators.
Vscode Front Matter1,447
2 days ago92mitTypeScript
Front Matter is a CMS running straight in Visual Studio Code. Can be used with static site generators like Hugo, Jekyll, Hexo, NextJs, Gatsby, and many more...
Htmly935
2 months ago155gpl-2.0PHP
Simple and fast databaseless PHP blogging platform, and Flat-File CMS
Alternatives To Parsedown
Select To Compare


Alternative Project Comparisons
Readme

Parsedown

Parsedown

Build Status Total Downloads Version License

Better Markdown Parser in PHP - Demo.

Features

Installation

Install the composer package:

composer require erusev/parsedown

Or download the latest release and include Parsedown.php

Example

$Parsedown = new Parsedown();

echo $Parsedown->text('Hello _Parsedown_!'); # prints: <p>Hello <em>Parsedown</em>!</p>

You can also parse inline markdown only:

echo $Parsedown->line('Hello _Parsedown_!'); # prints: Hello <em>Parsedown</em>!

More examples in the wiki and in this video tutorial.

Security

Parsedown is capable of escaping user-input within the HTML that it generates. Additionally Parsedown will apply sanitisation to additional scripting vectors (such as scripting link destinations) that are introduced by the markdown syntax itself.

To tell Parsedown that it is processing untrusted user-input, use the following:

$Parsedown->setSafeMode(true);

If instead, you wish to allow HTML within untrusted user-input, but still want output to be free from XSS it is recommended that you make use of a HTML sanitiser that allows HTML tags to be whitelisted, like HTML Purifier.

In both cases you should strongly consider employing defence-in-depth measures, like deploying a Content-Security-Policy (a browser security feature) so that your page is likely to be safe even if an attacker finds a vulnerability in one of the first lines of defence above.

Security of Parsedown Extensions

Safe mode does not necessarily yield safe results when using extensions to Parsedown. Extensions should be evaluated on their own to determine their specific safety against XSS.

Escaping HTML

WARNING: This method isn't safe from XSS!

If you wish to escape HTML in trusted input, you can use the following:

$Parsedown->setMarkupEscaped(true);

Beware that this still allows users to insert unsafe scripting vectors, such as links like [xss](javascript:alert%281%29).

Questions

How does Parsedown work?

It tries to read Markdown like a human. First, it looks at the lines. It’s interested in how the lines start. This helps it recognise blocks. It knows, for example, that if a line starts with a - then perhaps it belongs to a list. Once it recognises the blocks, it continues to the content. As it reads, it watches out for special characters. This helps it recognise inline elements (or inlines).

We call this approach "line based". We believe that Parsedown is the first Markdown parser to use it. Since the release of Parsedown, other developers have used the same approach to develop other Markdown parsers in PHP and in other languages.

Is it compliant with CommonMark?

It passes most of the CommonMark tests. Most of the tests that don't pass deal with cases that are quite uncommon. Still, as CommonMark matures, compliance should improve.

Who uses it?

Laravel Framework, Bolt CMS, Grav CMS, Herbie CMS, Kirby CMS, October CMS, Pico CMS, Statamic CMS, phpDocumentor, RaspberryPi.org, Symfony Demo and more.

How can I help?

Use it, star it, share it and if you feel generous, donate.

What else should I know?

I also make Nota — a writing app designed for Markdown files :)

Popular Markdown Projects
Popular Content Management System Projects
Popular Data Formats Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Html
Php
Markdown
Cms
Scripting
Commonmark
Markdown Parser