alfredo-ramos/parsedown-extra-laravel

A Parsedown Extra package for Laravel and Lumen

1.0.0 2019-09-12 18:06 UTC

README

About

A Parsedown Extra package for Laravel and Lumen

Build Status Latest Stable Version Code Quality Code Coverage License

Compatibility

Version Laravel Lumen Status
0.6.x 5.4.x N/A End of life
0.7.x 5.5.x 5.5.x End of life
0.8.x >= 5.5.x, < 6.x.x >= 5.5.x, < 6.x.x Security fixes only
1.x.x 6.x.x 6.x.x Active support

Installation

Open your composer.json file and add the package in the require object:

"alfredo-ramos/parsedown-extra-laravel": "^1.0.0"

Then run composer update on your terminal.

Laravel

Service providers and aliases will be registered automatically since Laravel 5.5.x, thanks to the new package auto-discovery.

Lumen

In your bootstrap\app.php file and register the service provider:

$app->register(AlfredoRamos\ParsedownExtra\ParsedownExtraServiceProvider::class);

Then register the facade alias:

$app->withFacades(true, [
	AlfredoRamos\ParsedownExtra\Facades\ParsedownExtra::class => 'Markdown'
]);

Usage

sample.blade.php

{!! Markdown::parse("Hello world") !!}
{!! Markdown::parse("[XSS link](javascript:alert('xss'))") !!}

The code above will print:

<p>Hello world</p>

<!-- HTML Purifier enabled -->
<p><a>XSS link</a></p>

<!-- HTML Purifier disabled -->
<p><a href="javascript:alert('xss')">XSS link</a></p>

For your convenience, the markdown() helper function is also available. It accepts the same parameters as the facade.

markdown('Hello world', ['purifier' => false])

For a live demo, go to Parsedown Extra Demo.

Configuration

HTML Purifier is used to filter the HTML output, protecting your application for insecure content. Additionally, HTML5 Definitions for HTML Purifier is used to add new definitions and sanitization for HTML5.

You can pass an array or a string that will be the key of the settings array in your configuration file.

To add new or edit the default options, run the following command to make a copy of the configuration file:

php artisan vendor:publish \
	--provider='AlfredoRamos\ParsedownExtra\ParsedownExtraServiceProvider' \
	--tag=config --force

Using a string

Markdown::parse('Hello world', ['config' => 'comments'])

Where comments is the key of the array settings.

return [
	'purifier'	=> [
		'enabled'	=> true,
		'settings'	=> [
			'default' => [...],
			'comments' => [...]
		]
	]
];

Using an array

Markdown::parse('[DuckDuckGo](https://duckduckgo.com/)', ['config' => [
	'URI.Host' => 'localhost',
	'URI.DisableExternal' => true
]])

For all configuration options see the official HTML Purifier config docs.

Using the default settings

Markdown::parse('Hello world!')
// Is the same as
Markdown::parse('Hello world!', ['config' => 'default'])

You can temporarily disable it by setting the option purifier to false:

Markdown::parse('Text', ['purifier' => false])

HTML Purifier can be disabled permanently in the config/parsedownextra.php file.