Disallowed Raw HTML Extension
(Note: this extension is included by default within the GFM extension)
The DisallowedRawHtmlExtension automatically filters the following HTML tags when rendering output:
<title>
<textarea>
<style>
<xmp>
<iframe>
<noembed>
<noframes>
<script>
<plaintext>
Filtering is done by replacing the leading < of each such tag (opening or closing, matched case-insensitively) with the entity &lt;, so the tag is rendered as literal text instead of being interpreted by the browser.
This is required by the GFM spec because these particular tags could cause undesirable side-effects if a malicious user tries to introduce them.
All other HTML tags are left untouched by this extension.
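The following is an added, stand-alone illustration of the GFM "disallowed raw HTML" rule described above; it is not code from league/commonmark and does not reproduce the library's own implementation. It assumes the rule as the GFM spec states it: a tag whose name is on the list (with or without a leading slash, in any case) has its leading < replaced by &lt;, and every other tag is passed through unchanged. The sample inputs are constructed for the demonstration.

```python
import re

# The nine tag names the GFM spec disallows in raw HTML (same list as above).
DISALLOWED_TAGS = (
    "title", "textarea", "style", "xmp", "iframe",
    "noembed", "noframes", "script", "plaintext",
)

# Match "<" followed by an optional "/" and one of the tag names, but only when
# the name is complete: the lookahead requires whitespace, "/" or ">" next, so
# a tag such as <titles> (not on the list) is left alone. Case-insensitive,
# so <XMP> is filtered just like <xmp>.
_DISALLOWED_TAG_RE = re.compile(
    r"<(/?(?:" + "|".join(DISALLOWED_TAGS) + r")(?=[\s/>]))",
    re.IGNORECASE,
)


def filter_disallowed_raw_html(html: str) -> str:
    """Replace the leading '<' of each disallowed tag with '&lt;'.

    Everything else in the string, including all other HTML tags and
    attributes, is returned exactly as given.
    """
    return _DISALLOWED_TAG_RE.sub(r"&lt;\1", html)


def filtered_tag_names(html: str) -> list:
    """Return the (lower-cased) tag names the filter would neutralise in `html`.

    Useful for logging or for a quick check of what a rendered document contained.
    """
    names = []
    for match in _DISALLOWED_TAG_RE.finditer(html):
        names.append(match.group(1).lstrip("/").lower())
    return names


if __name__ == "__main__":
    # Constructed samples: one mirrors the page's own example, the others show
    # the edges of the rule (closing tags, case, near-miss names, other tags).
    samples = [
        "I cannot change the page <title>anymore</title>",
        "<strong> <XMP> is disallowed </XMP> </strong>",
        "<titles> are not on the list, so they pass through",
        '<a href="https://example.com">untouched</a>',
    ]
    for sample in samples:
        print(repr(sample), "->", repr(filter_disallowed_raw_html(sample)))
```

Running the sample shows what the extension does and does not promise: the <title> and </title> in the page's example come out as &lt;title> and &lt;/title>, while the <a> tag and its attributes are returned byte for byte. The rule only neutralises the nine listed tag names; it is not a general HTML sanitiser, so any application that renders Markdown from untrusted users still needs its own policy for the raw HTML that remains.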
Installation
This extension is bundled with league/commonmark. This library can be installed via Composer:
composer require league/commonmark
See the installation section for more details.
Usage
Configure your Environment as usual and simply add the DisallowedRawHtmlExtension provided by this package:
use League\CommonMark\CommonMarkConverter;
use League\CommonMark\Environment;
use League\CommonMark\Extension\DisallowedRawHtml\DisallowedRawHtmlExtension;
// Obtain a pre-configured Environment with all the CommonMark parsers/renderers ready-to-go
$environment = Environment::createCommonMarkEnvironment();
// Add this extension
$environment->addExtension(new DisallowedRawHtmlExtension());
// Instantiate the converter engine and start converting some Markdown!
$converter = new CommonMarkConverter([], $environment);
echo $converter->convertToHtml('I cannot change the page <title>anymore</title>');