Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Commonmark
Docs

Commonmark Laravel Package

league/commonmark

Highly extensible PHP Markdown parser supporting full CommonMark and GitHub-Flavored Markdown. Convert Markdown to HTML with simple converters, customize rendering via extensions, and run safely with options like stripping HTML and blocking unsafe links.

View on GitHub
Deep Wiki
Context7

layout: default title: Disallowed Raw HTML Extension description: The DisallowedRawHtmlExtension automatically escapes certain HTML tags when rendering raw HTML redirect_from:

  • /extensions/disallowed-raw-html/
  • /2.0/extensions/disallowed-raw-html/
  • /2.1/extensions/disallowed-raw-html/
  • /2.2/extensions/disallowed-raw-html/
  • /2.3/extensions/disallowed-raw-html/
  • /2.4/extensions/disallowed-raw-html/
  • /2.5/extensions/disallowed-raw-html/
  • /2.6/extensions/disallowed-raw-html/
  • /2.7/extensions/disallowed-raw-html/

Disallowed Raw HTML Extension

(Note: this extension is included by default within the GFM extension)

The DisallowedRawHtmlExtension automatically escapes certain HTML tags when rendering raw HTML, such as:

  • <title>
  • <textarea>
  • <style>
  • <xmp>
  • <iframe>
  • <noembed>
  • <noframes>
  • <script>
  • <plaintext>

Filtering is done by replacing the leading < with the entity &lt;.

This is required by the GFM spec because these particular tags could cause undesirable side-effects if a malicious user tries to introduce them.

All other HTML tags are left untouched by this extension.

Installation

This extension is bundled with league/commonmark. This library can be installed via Composer:

composer require league/commonmark

See the installation section for more details.

Usage

Configure your Environment as usual and simply add the DisallowedRawHtmlExtension provided by this package:

use League\CommonMark\Environment\Environment;
use League\CommonMark\Extension\CommonMark\CommonMarkCoreExtension;
use League\CommonMark\Extension\DisallowedRawHtml\DisallowedRawHtmlExtension;
use League\CommonMark\MarkdownConverter;

// Customize the extension's configuration if needed
// Default values are shown below - you can omit this configuration if you're happy with those defaults
// and don't want to customize them
$config = [
    'disallowed_raw_html' => [
        'disallowed_tags' => ['title', 'textarea', 'style', 'xmp', 'iframe', 'noembed', 'noframes', 'script', 'plaintext'],
    ],
];

// Configure the Environment with all the CommonMark parsers/renderers
$environment = new Environment($config);
$environment->addExtension(new CommonMarkCoreExtension());

// Add this extension
$environment->addExtension(new DisallowedRawHtmlExtension());

// Instantiate the converter engine and start converting some Markdown!
$converter = new MarkdownConverter($environment);
echo $converter->convert('I cannot change the page <title>anymore</title>');

Configuration

This extension can be configured by providing a disallowed_raw_html array with the following nested configuration options. The defaults are shown in the code example above.

disallowed_tags

An array containing a list of tags that should be escaped.

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport