Looking to hire Laravel developers? Try LaraJobs

laravel-markdown maintained by jeffersongoncalves

Description
A shared CommonMark renderer for Laravel with GitHub Flavored Markdown, optional heading permalinks, and server-side syntax highlighting (class-based tokens) via tempest/highlight. Safe by default: raw HTML is escaped unless you opt in to html_input=allow for trusted content. Requires PHP 8.4 because the syntax highlighter tempest/highlight requires it from 2.26 onward.
Last update
2026/06/23 13:53 (dev-master)
License
Downloads
47

Comments
comments powered by Disqus

Laravel Markdown

Laravel Markdown

Latest Version on Packagist GitHub Tests Action Status GitHub Code Style Action Status Total Downloads

A shared CommonMark renderer for Laravel with GitHub Flavored Markdown, optional heading permalinks, and server-side syntax highlighting on fenced code blocks. Highlighting is class-based (<span class="hl-…"> tokens via tempest/highlight's CssTheme) so the markup survives HTML sanitisation — you style the .hl-* classes in your own CSS.

Installation

You can install the package via composer:

composer require jeffersongoncalves/laravel-markdown

You can publish the config file with:

php artisan vendor:publish --tag="markdown-config"

This is the contents of the published config file:

return [
    'html_input' => 'allow',
    'allow_unsafe_links' => false,
    'heading_permalink' => [
        'symbol' => '#',
        'html_class' => 'md-anchor',
    ],
];

Usage

use JeffersonGoncalves\Markdown\Markdown;

// Render GitHub Flavored Markdown to HTML
$html = Markdown::render('# Hello **world**');

// Enable heading permalink anchors (adds <a class="md-anchor"> to each heading)
$html = Markdown::render($readme, headingPermalinks: true);

Fenced code blocks are highlighted server-side and emit class-based tokens:

$html = Markdown::render(<<<'MD'
```php
echo 'hello';
```
MD);
// => <pre><code>…<span class="hl-keyword">echo</span>…</code></pre>

Add the matching .hl-* styles (and .md-anchor if you use heading permalinks) to your own CSS.

[!WARNING] The renderer runs with html_input set to allow, so the output is UNSAFE for untrusted input (third-party READMEs, imported article bodies): raw HTML in the source is preserved. Always pass the output through an HTML sanitizer such as jeffersongoncalves/laravel-html-sanitizer before displaying it. Class-based highlight tokens are designed to survive sanitisation; inline-style highlighting would not.

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.