$sanitizer->entitiesMarkdown() method

Entity encode while translating some markdown tags to HTML equivalents

If you specify boolean TRUE for the $options argument, full markdown is applied. Otherwise, only basic markdown allowed, as outlined in the examples.

The primary reason to use this over full-on Markdown is that it has less overhead and is faster then full-blown Markdown, for when you don't need it. It's also safer for text coming from user input since it doesn't allow any other HTML. But if you just want full markdown, then specify TRUE for the $options argument.

Basic allowed markdown currently includes:

  • **strong**
  • *emphasis*
  • [anchor-text](url)
  • ~~strikethrough~~
  • code surrounded by backticks

Example

// basic markdown
echo $sanitizer->entitiesMarkdown($str);

// full markdown
echo $sanitizer->entitiesMarkdown($str, true); 

Usage

// basic usage
$string = $sanitizer->entitiesMarkdown(string $str);

// usage with all arguments
$string = $sanitizer->entitiesMarkdown(string $str, $options = []);

Arguments

NameType(s)Description
strstring

String to apply markdown to

options (optional)array, bool, int

Options include the following, or specify boolean TRUE to apply full markdown.

  • fullMarkdown (bool): Use full markdown rather than basic? (default=false) when true, most options no longer apply. Note: A markdown flavor integer may also be supplied for the fullMarkdown option.
  • flags (int): PHP htmlentities() flags. Default is ENT_QUOTES.
  • encoding (string): PHP encoding type. Default is 'UTF-8'.
  • doubleEncode (bool): Whether to double encode (if already encoded). Default is true.
  • allow (array): Only markdown that translates to these tags will be allowed. Default is most inline HTML tags.
  • disallow (array): Specified tags (in the default allow list) that won't be allowed. Default=[] empty array. (Note: The 'disallow' is an alternative to the default 'allow'. No point in using them both.)
  • linkMarkup (string): Markup to use for links. Default=<a href="{url}" rel="nofollow" target="_blank">{text}</a>.
  • allowBrackets (bool): Allow some inline-level bracket tags, i.e. [span.detail]text[/span] ? (default=false)

Return value

string

Formatted with a flavor of markdown


$sanitizer methods and properties

API reference based on ProcessWire core version 3.0.163

Twitter updates

  • This week ProcessWire version 3.0.166 is released on the dev branch. In this post we’ll cover all that’s new relative to the previous version, 3.0.165. Plus we’ll check out the latest new versions of ProCache and FormBuilder— More
    11 September 2020
  • Weekly update – 28 August 2020 – New secure files option defined per-template: More
    28 August 2020
  • ProcessWire 3.0.165 core updates (master and dev branch) and reCAPTCHA for FormBuilder module— More
    21 August 2020

Latest news

  • ProcessWire Weekly #331
    In the 331st issue of ProcessWire Weekly we're going to check out the latest core and Pro module updates (ProcessWire 3.0.166, ProCache 4.0.1, and Form Builder v44), introduce the Wireframe API module, and more. Read on!
    Weekly.pw / 12 September 2020
  • ProcessWire 3.0.166 core updates and more
    This week ProcessWire version 3.0.166 is released on the dev branch. In this post we’ll cover all that’s new relative to the previous version, 3.0.165. Plus we’ll check out the latest new versions of ProCache and FormBuilder.
    Blog / 11 September 2020
  • Subscribe to weekly ProcessWire news

“Indeed, if ProcessWire can be considered as a CMS in its own right, it also offers all the advantages of a CMF (Content Management Framework). Unlike other solutions, the programmer is not forced to follow the proposed model and can integrate his/her ways of doing things.” —Guy Verville, Spiria Digital Inc.