Parsedown v1.7.0 is released

Parsedown v1.7.0 is released

Since Laravel 5.4 the framework has included a markdown parser called Parsedown. It’s used internally for the markdown emails, but you can also easily use it in your apps.

The Parsedown team recently released v1.7.0 to address an XSS issue that caused the SensioLabs Composer vulnerability check to fail.

Laravel 5.6.7 was also just released that includes an update to the Parsedown dependency. Under rare circumstances, it could have some Markdown parsing side effects in your app, but you can always go back to the way it was before by setting the following:

$parsedown->setSafeMode(true);

In both cases, their readme recommends using a sanitizer, like HTML Purifier, when dealing with untrusted content.

To get this latest version just run a composer update on your Laravel app and you’ll be all set.


Filed in: News


Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

SENIOR FULL STACK SOFTWARE ENGINEER
Fort Worth, Texas
Filmsupply
PHP Web Developer
Orlando, FL
Christ for all Nations
PHP Developer
Manhattan, KS (open to Remote)
CivicPlus
Mid-Senior Laravel Developer
Exeter
Optix Solutions
Full Stack Web Developer
Las Vegas, NV
V Shred
Staff Software Engineer (Laravel)
Remote
smartbnb
Software Engineer (PHP, Laravel, Vue)
Los Angeles, CA
Relocity