

Since Laravel 5.4, the framework has included a Markdown parser called Parsedown. It’s used internally for the Markdown emails, but you can also easily use it in your apps.

The Parsedown team recently released v1.7.0 to fix an XSS issue that caused the SensioLabs Composer vulnerability check to fail.

Laravel 5.6.7 was also just released and includes an update to the Parsedown dependency. Under rare circumstances, the update could have some Markdown parsing side effects in your Markdown emails, but you can always go back to the way it was before by setting the following:

$parsedown->setSafeMode(true);

In both cases, the Parsedown readme recommends using a sanitizer, like HTML Purifier, when dealing with untrusted content.
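The readme's advice as an added example (not code from the original post, Laravel, or the Parsedown project): Parsedown runs in safe mode and its output is then passed through HTML Purifier with an allowlist. The helper name renderUntrustedMarkdown, the tag allowlist, and the sample input are assumptions made for illustration; the two libraries are assumed to be installed through Composer.

```php
<?php
// Added example. Assumes: composer require erusev/parsedown ezyang/htmlpurifier
require __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper: render untrusted Markdown to HTML in two layers.
 * Layer 1: Parsedown safe mode escapes raw HTML and unsafe link targets.
 * Layer 2: HTML Purifier keeps only an explicit allowlist of tags and schemes.
 */
function renderUntrustedMarkdown(string $markdown): string
{
    $parsedown = new Parsedown();
    $parsedown->setSafeMode(true);
    $html = $parsedown->text($markdown);

    $config = HTMLPurifier_Config::createDefault();
    // Disable the on-disk definition cache so no writable directory is needed.
    $config->set('Cache.DefinitionImpl', null);
    // Illustrative allowlist: only what plain Markdown output needs.
    $config->set(
        'HTML.Allowed',
        'p,br,strong,em,ul,ol,li,a[href],code,pre,blockquote,h1,h2,h3'
    );
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);

    // The purifier is the final gate: anything safe mode missed is dropped here.
    return (new HTMLPurifier($config))->purify($html);
}

// Constructed sample input: inline HTML plus one unsafe and one normal link.
$untrusted = <<<'MD'
# Comment

Hello **world** <script>alert(1)</script>

[profile](javascript:alert(1)) and [docs](https://example.com/docs)
MD;

echo renderUntrustedMarkdown($untrusted), PHP_EOL;
```

Keeping the purifier as the last step means the output stays constrained to the allowlist even if a later Parsedown release changes how safe mode handles an edge case.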

To get this latest version just run a composer update on your Laravel app and you’ll be all set.


