Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Commonmark Laravel Package

league/commonmark

Extensible PHP Markdown parser supporting the full CommonMark spec and GitHub-Flavored Markdown. Works with PHP 7.4+ (mbstring) and provides simple converters to turn Markdown into HTML with configurable safety options.

View on GitHub

Deep Wiki

Context7

2.8.2

This is a security release to address an issue where the allowed_domains setting for the Embed extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.

Fixed

Fixed DomainFilteringAdapter hostname boundary bypass where domains like youtube.com.evil could match an allowlist entry for youtube.com (GHSA-hh8v-hgvp-g3f5)

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2

2.8.1

What's Changed

This is a security release to address an issue where DisallowedRawHtml can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.

Fixed

Fixed DisallowedRawHtmlRenderer not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)
Fixed PHP 8.5 deprecation (#1107)

New Contributors

@Kocal made their first contribution in https://github.com/thephpleague/commonmark/pull/1106
@freost made their first contribution in https://github.com/thephpleague/commonmark/pull/1107

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1

2.8.0

What's Changed

Added

Added a new HighlightExtension for marking important text using == syntax (#1100)

Fixed

Fixed AutolinkExtension incorrectly matching URLs after invalid www. prefix (#1095, #1103)

New Contributors

@samwilson made their first contribution in https://github.com/thephpleague/commonmark/pull/1090
@ossobuffo made their first contribution in https://github.com/thephpleague/commonmark/pull/1100

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0

2.7.1

Notable Changes

Changed

Optimized several regular expressions in RegexHelper to improve performance (#674, #1086)

Fixed

EmbedProcessor no longer calls updateEmbeds() when there are no embeds to update (#1081)
Fixed missing benchmark.php CSV path validation for non-existent files (#1068, #1085)

New Contributors

@driesvints made their first contribution in https://github.com/thephpleague/commonmark/pull/1077
@adielcristo made their first contribution in https://github.com/thephpleague/commonmark/pull/1079
@Copilot made their first contribution in https://github.com/thephpleague/commonmark/pull/1085

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.7.0...2.7.1

2.7.0

This is a security release to address a potential cross-site scripting (XSS) vulnerability when using the AttributesExtension with untrusted user input.

Added

Added attributes/allow config option to specify which attributes users are allowed to set on elements (default allows virtually all attributes)

Changed

The AttributesExtension blocks all attributes starting with on unless explicitly allowed via the attributes/allow config option
The allow_unsafe_links option is now respected by the AttributesExtension when users specify href and src attributes

2.6.2

Fixed

Fixed Attributes extension parsing regression (#1071)

Other Changes

fix incorrect interface in docs v2.6 by @CharrafiMed in https://github.com/thephpleague/commonmark/pull/1063
docs/2.6/extensions/front-matter.md: add missing newline by @DanielEScherzer in https://github.com/thephpleague/commonmark/pull/1069

New Contributors

@CharrafiMed made their first contribution in https://github.com/thephpleague/commonmark/pull/1063
@DanielEScherzer made their first contribution in https://github.com/thephpleague/commonmark/pull/1069

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.6.1...2.6.2

2.6.1

Fixed

Rendered list items should only add newlines around block-level children (#1059, #1061)

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.6.0...2.6.1

2.6.0

This is a security release to address potential denial of service attacks when parsing specially crafted, malicious input from untrusted sources (like user input). See https://github.com/thephpleague/commonmark/security/advisories/GHSA-c2pc-g5qf-rfrf for more details.

Added

Added max_delimiters_per_line config option to prevent denial of service attacks when parsing malicious input
Added table/max_autocompleted_cells config option to prevent denial of service attacks when parsing large tables
The AttributesExtension now supports attributes without values (#985, #986)
The AutolinkExtension exposes two new configuration options to override the default behavior (#969, #987):
- autolink/allowed_protocols - an array of protocols to allow autolinking for
- autolink/default_protocol - the default protocol to use when none is specified
Added RegexHelper::isWhitespace() method to check if a given character is an ASCII whitespace character
Added CacheableDelimiterProcessorInterface to ensure linear complexity for dynamic delimiter processing
Added Bracket delimiter type to optimize bracket parsing

Changed

[ and ] are no longer added as Delimiter objects on the stack; a new Bracket type with its own stack is used instead
UrlAutolinkParser no longer parses URLs with more than 127 subdomains
Expanded reference links can no longer exceed 100kb, or the size of the input document (whichever is greater)
Delimiters should always provide a non-null value via DelimiterInterface::getIndex()
- We'll attempt to infer the index based on surrounding delimiters where possible
The DelimiterStack now accepts integer positions for any $stackBottom argument
Several small performance optimizations

2.5.3

Changed

Made compatible with CommonMark spec 0.31.1, including:
- Remove source, add search to list of recognized block tags

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.5.2...2.5.3

2.5.2

Changed

Boolean attributes now require an explicit true value (#1040)

Fixed

Fixed regression where text could be misinterpreted as an attribute (#1040)

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.5.1...2.5.2

2.5.1

Fixed

Fixed attribute parsing incorrectly parsing mustache-like syntax (#1035)
Fixed incorrect Table start line numbers (#1037)

New Contributors

@jasonvarga made their first contribution in https://github.com/thephpleague/commonmark/pull/1035

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.5.0...2.5.1

2.5.0

Added

The AttributesExtension now supports attributes without values (#985, #986)
The AutolinkExtension exposes two new configuration options to override the default behavior (#969, #987):
- autolink/allowed_protocols - an array of protocols to allow autolinking for
- autolink/default_protocol - the default protocol to use when none is specified

Changed

Made compatible with CommonMark spec 0.31.0, including:
- Allow closing fence to be followed by tabs
- Remove restrictive limitation on inline comments
- Unicode symbols now treated like punctuation (for purposes of flankingness)
- Trailing tabs on the last line of indented code blocks will be excluded
- Improved HTML comment matching
Paragraphs only containing link reference definitions will be kept in the AST until the Document is finalized
- (These were previously removed immediately after parsing the Paragraph)

Fixed

Fixed list tightness not being determined properly in some edge cases
Fixed incorrect ending line numbers for several block types in various scenarios
Fixed lowercase inline HTML declarations not being accepted

New Contributors

@svenluijten made their first contribution in https://github.com/thephpleague/commonmark/pull/986

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.4.4...2.5.0

2.4.4

Fixed

Fixed SmartPunct extension changing already-formatted quotation marks (#1030)

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.4.3...2.4.4

2.4.3

Fixed

Fixed the Attributes extension not supporting CSS level 3 selectors (#1013)
Fixed UrlAutolinkParser incorrectly parsing text containing www anywhere before an autolink (#1025)

New Contributors

@nfreader made their first contribution in https://github.com/thephpleague/commonmark/pull/1016
@macbookandrew made their first contribution in https://github.com/thephpleague/commonmark/pull/1025
@xavierlacot made their first contribution in https://github.com/thephpleague/commonmark/pull/1013

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.4.2...2.4.3

2.4.2

Fixed

Fixed declaration parser being too strict
FencedCodeRenderer: don't add language- to class if already prefixed

New Contributors

@sergiy-petrov made their first contribution in https://github.com/thephpleague/commonmark/pull/997
@clustermin made their first contribution in https://github.com/thephpleague/commonmark/pull/988
@peter279k made their first contribution in https://github.com/thephpleague/commonmark/pull/996

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.4.1...2.4.2

2.4.1

Fixed

Fixed ExternalLinkProcessor not fully disabling the rel attribute when configured to do so (#992)

2.4.0

See the upgrading guide for more information about the exception-related changes

Added

Added generic CommonMarkException marker interface for all exceptions thrown by the library
Added several new specific exception types implementing that marker interface:
- AlreadyInitializedException
- InvalidArgumentException
- IOException
- LogicException
- MissingDependencyException
- NoMatchingRendererException
- ParserLogicException
Added more configuration options to the Heading Permalinks extension (#939):
- heading_permalink/apply_id_to_heading - When true, the id attribute will be applied to the heading element itself instead of the <a> tag
- heading_permalink/heading_class - class to apply to the heading element
- heading_permalink/insert - now accepts none to prevent the creation of the <a> link
Added new table/alignment_attributes configuration option to control how table cell alignment is rendered (#959)

Changed

Change several thrown exceptions from RuntimeException to LogicException (or something extending it), including:
- CallbackGenerators that fail to set a URL or return an expected value
- MarkdownParser when deactivating the last block parser or attempting to get an active block parser when they've all been closed
- Adding items to an already-initialized Environment
- Rendering a Node when no renderer has been registered for it
HeadingPermalinkProcessor now throws InvalidConfigurationException instead of RuntimeException when invalid config values are given.
HtmlElement::setAttribute() no longer requires the second parameter for boolean attributes
Several small micro-optimizations
Changed Strikethrough to only allow 1 or 2 tildes per the updated GFM spec

Fixed

Fixed inaccurate [@throws](https://github.com/throws) docblocks throughout the codebase, including ConverterInterface, MarkdownConverter, and MarkdownConverterInterface.
- These previously suggested that only \RuntimeExceptions were thrown, which was inaccurate as \LogicExceptions were also possible.

2.3.9

Fixed

Fixed autolink extension not detecting some URIs with underscores (#956)

2.3.8

Fixed

Fixed parsing issues when mb_internal_encoding() is set to something other than UTF-8 (#951)

2.3.7

Fixed

Fixed TaskListItemMarkerRenderer not including HTML attributes set on the node by other extensions (#947)

2.3.6

Fixed

Fixed unquoted attribute parsing when closing curly brace is followed by certain characters (like a .) (#943)

2.3.5

Fixed

Fixed error using InlineParserEngine when no inline parsers are registered in the Environment (#908)

2.3.4

Changed

Made a number of small tweaks to the embed extension's parsing behavior to fix #898:
- Changed EmbedStartParser to always capture embed-like lines in container blocks, regardless of parent block type
- Changed EmbedProcessor to also remove Embed blocks that aren't direct children of the Document
- Increased the priority of EmbedProcessor to 1010

Fixed

Fixed EmbedExtension not parsing embeds following a list block (#898)

2.3.3

Fixed

Fixed DomainFilteringAdapter not reindexing the embed list (#884, #885)

2.3.2

Fixed

Fixed FootnoteExtension stripping extra characters from tab-indented footnotes (#881)

2.2.5

Fixed

Fixed FootnoteExtension stripping extra characters from tab-indented footnotes (#881)

2.3.1

Fixed

Fixed AutolinkExtension not ignoring trailing strikethrough syntax (#867)

2.2.4

Fixed

Fixed AutolinkExtension not ignoring trailing strikethrough syntax (#867)

2.3.0

Added

Added new EmbedExtension (#805)
Added DocumentRendererInterface as a replacement for the now-deprecated MarkdownRendererInterface

Deprecated

Deprecated MarkdownRendererInterface; use DocumentRendererInterface instead

2.2.3

Fixed

Fixed front matter parsing with Windows line endings (#821)

2.1.3

Fixed

Fixed front matter parsing with Windows line endings (#821)

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hamzi/corewatch

minionfactory/raw-hydrator

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope