mirror of https://github.com/erusev/parsedown.git synced 2025-09-03 03:42:38 +02:00

More consistent code blocks in readme

Emanuil Rusev
2018-12-28 12:50:30 +02:00
committed by GitHub
parent 48a2fb26fe
commit 4c2d79fc6a


@@ -60,9 +60,7 @@ Parsedown is capable of escaping user-input within the HTML that it generates. A
To tell Parsedown that it is processing untrusted user-input, use the following:
```php
$parsedown = new Parsedown;
$parsedown->setSafeMode(true);
$Parsedown->setSafeMode(true);
```
If instead, you wish to allow HTML within untrusted user-input, but still want output to be free from XSS it is recommended that you make use of a HTML sanitiser that allows HTML tags to be whitelisted, like [HTML Purifier](http://htmlpurifier.org/).
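Review bot: the safe-mode snippet now depends on a variable it never creates. The hunk shrinks from 9 to 7 lines, the only constructor line shown is `$parsedown = new Parsedown;`, and the call that matches the capitalised style is `$Parsedown->setSafeMode(true);`. PHP variable names are case-sensitive, so a reader who pastes only this block, or who already has a lowercase `$parsedown`, hits a call on an undefined variable instead of enabling safe mode. Since this is the block people copy when handling untrusted input, I would keep it self-contained with a one-line `$Parsedown = new Parsedown;` in the new casing, or add a sentence above the fence saying that `$Parsedown` is an instance created beforehand.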
@@ -80,9 +78,7 @@ Safe mode does not necessarily yield safe results when using extensions to Parse
If you wish to escape HTML **in trusted input**, you can use the following:
```php
$parsedown = new Parsedown;
$parsedown->setMarkupEscaped(true);
$Parsedown->setMarkupEscaped(true);
```
Beware that this still allows users to insert unsafe scripting vectors, such as links like `[xss](javascript:alert%281%29)`.
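Review bot: in the markup-escaping block, `$Parsedown->setMarkupEscaped(true);` is left without an instantiation line that matches its casing; the only constructor shown assigns to lowercase `$parsedown`, which is a different variable in PHP. Please either keep a `$Parsedown = new Parsedown;` line inside the fence or state where the instance comes from. A second, smaller point: once both README snippets are reduced to a single method call they differ only by method name, so the "Beware" sentence after this block could name `setSafeMode(true)` explicitly as the setting for untrusted input. That keeps a reader who skims the code blocks from taking `setMarkupEscaped(true)` as sufficient against the `javascript:` link case the sentence describes.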