Parsedown Laravel Package

The first stable release in over six years. Requires PHP 7.1+.

Breaking Changes

• PHP 7.1 minimum -- dropped support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0.
• List separation by marker type -- lists using different markers (*, +, -, or switching between . and ) for ordered lists) are now treated as separate lists, matching the CommonMark spec.
• Lazy blockquotes -- consecutive blockquotes separated by a blank line are no longer merged into one, per CommonMark.
• Sparse HTML blocks -- blank lines inside block-level HTML are now wrapped in <p> tags instead of being preserved as-is.
• Empty ATX headings -- # and ## on their own now produce <h1></h1> and <h2></h2> instead of being treated as paragraphs.
• Extensions accessing block internals may need to update: the element structure uses element instead of text in some places (e.g. $Block['element']['element']['text'] instead of $Block['element']['text']['text']).

Security

• Regex patterns throughout the parser now use possessive quantifiers (*+, ++) to prevent catastrophic backtracking (ReDoS). This addresses denial-of-service vectors where malformed emphasis markers or other adversarial input could cause memory exhaustion or hangs.
• Safe mode now sanitizes nested elements correctly via recursive AST traversal. Previously, sanitization only applied at the top level.
• Extensions can mark self-produced HTML as trusted using allowRawHtmlInSafeMode so it isn't escaped in safe mode, while untrusted input remains escaped.

PHP Compatibility

• Fixed implicit nullable parameter deprecations for PHP 8.4+.
• Updated PHPUnit dependency and test infrastructure for modern PHP.
• CI moved from Travis CI to GitHub Actions.

CommonMark Compliance

• Setext headings now handle leading/trailing spaces correctly.
• ATX heading closing # sequences are trimmed properly (e.g. # # of levels # # renders as <h1># of levels #</h1>).
• Ordered lists support ) as a marker in addition to ..
• Ordered lists starting with a number other than 1 no longer interrupt paragraphs.
• One-column tables are now supported.
• Fenced code blocks require the closing fence to have at least as many backticks/tildes as the opening fence.
• HTML comments follow the CommonMark spec more closely.
• Email autolinks validate against the CommonMark email definition.
• Escaped tilde characters (\~\~) are no longer treated as strikethrough.

New Features

• Strict mode (setStrictMode(true)) -- requires a space after # in ATX headings (CommonMark-compliant behavior).

Bug Fixes

• Fixed "Uninitialized string offset" errors on certain inputs.
• Fixed adjacent blockquotes being incorrectly merged.
• Fixed line-break standardization when using the line() method directly.
• Fixed table header validation (headers containing newlines are no longer accepted).
• Fixed spaces in fenced code block class names.

This is an initial beta of the planned changes for v2.0.0.

Documentation is still being worked on for general usage. Some initial "extensions focused" documentation is available in: 2.0.x/docs/Migrating-Extensions-v2.0.md.

Introduce rawHtml concept from beta 1.8 that extensions may optionally utilise. In 1.8 beta versions this feature is utilised internally and might have compatibility issues with extensions, this release does not use this feature internally so no such issues will be present.

This is a security release and resolves an issue which would allow a user to add arbitrary classes to fenced code blocks. This might have security consequences, see #699 for more detail.

This is a pre-release.

To see what's changed from 1.7.1, please refer to the draft release notes in https://github.com/erusev/parsedown/issues/601.

Any testing, bug-reports, or bug-fixes are very welcome.

This beta increment is a security release and resolves an issue which would allow a user to add arbitrary classes to fenced code blocks. This might have security consequences, see #699 for more detail.

This is a pre-release.

To see what's changed from 1.7.1, please refer to the draft release notes in https://github.com/erusev/parsedown/issues/601.

Any testing, bug-reports, or bug-fixes are very welcome.

This beta release restores the existence of some previously deleted protected interface endpoints.

This is a pre-release.

To see what's changed from 1.7.1, please refer to the draft release notes in https://github.com/erusev/parsedown/issues/601.

Any testing, bug-reports, or bug-fixes are very welcome.

Some minor bug-fixes have been resolved since beta-3.

This is a pre-release.

To see what's changed from 1.7.1, please refer to the draft release notes in https://github.com/erusev/parsedown/issues/601.

Any testing, bug-reports, or bug-fixes are very welcome.

Essentially this is the second beta but I forgot to bump the class version number before tagging, and I'm not a fan of deleting version tags – hence number 3.

This is a pre-release.

To see what's changed from 1.7.1, please refer to the draft release notes in https://github.com/erusev/parsedown/issues/601.

Any testing, bug-reports, or bug-fixes are very welcome.

This is a bugfix release. The following have been resolved:

#475: "Loose" lists will now contain paragraphs in all items, not just some. #433: Links will no longer be double nested #525: The info-string when beginning a code block may now contain non-word characters (e.g. c++) #561: The mbstring extension (which we already depend on) has been added explicitly to composer.json #563: The Parsedown::version constant now matches the release version #560: Builds will now fail if we forget to update the version constant again 😉

Thanks to @PhrozenByte, @harikt, @erusev, @luizbills, and @aidantwoods for their contributions to this release.

• late static binding for Parsedown::instance()

This is a major release. It introduces a more granular class architecture. This improves extensibility and makes the code easier to read. The release also introduces an interface that allows independent parsing of inline elements.

p.s. There's an implementation detail that I'd like to mention. It is about the use of strpbrk. I wanted to mention it, because the idea that strpbrk could replace strpos came from another project - a Parsedown based project by @cebe. I should also mention that it was brought to my attention by @hkdobrev.

Version 0.8 features a new approach to parsing inline elements. Along with performance, it improves consistency.

To give an example, here are a markdown text and a comparison of the output that it would produce.

*em **strong em***
***strong em** em*
*em **strong em** em*

The parser used by GitHub.com:

<em>em *</em>strong em***
<em>**strong em</em>* em*
<em>em *</em>strong em** em*

Parsedown:

<p><em>em <strong>strong em</strong></em>
<strong><em>strong em</em>* em*
*em </strong>strong em*<em> em</em></p>

Additionally, version 0.8 features an option to enable automatic line breaks.

• support for fenced code block
• performance improvements
• code quality improvements

• escaping for special characters
• performance improvements

• HTML support
• Improved code block parsing