devextreme-showdown
Advanced tools
Showdown is a Javascript Markdown to HTML converter, based on the original works by John Gruber. Showdown can be used client side (in the browser) or server side (with NodeJs).
This fork was created to fix the CVE-2020-7774 vulnerability and keep dependencies up to date
DevExtreme Showdown is released under the BSD-3-Clause license.
You can download the latest release tarball directly from releases
npm install devextreme-showdown
You can also use one of several CDNs available:
jsDelivr
https://cdn.jsdelivr.net/npm/devextreme-showdown@<version tag>/dist/showdown.min.js
unpkg
https://unpkg.com/devextreme-showdown/dist/showdown.min.js
Note: Replace <version tag> with an actual version you're interested in, for instance 1.0.0.
var showdown = require('devextreme-showdown'),
converter = new showdown.Converter(),
text = '# hello, markdown!',
html = converter.makeHtml(text);
var converter = new showdown.Converter(),
text = '# hello, markdown!',
html = converter.makeHtml(text);
Both examples should output...
<h1 id="hellomarkdown">hello, markdown!</h1>
You can change some of showdown's default behavior through options.
Options can be set:
Setting a "global" option affects all instances of showdown
showdown.setOption('optionKey', 'value');
Setting a "local" option only affects the specified Converter object. Local options can be set:
through the constructor
var converter = new showdown.Converter({optionKey: 'value'});
through the setOption() method
var converter = new showdown.Converter();
converter.setOption('optionKey', 'value');
Showdown provides 2 methods (both local and global) to retrieve previous set options.
// Global
var myOption = showdown.getOption('optionKey');
//Local
var myOption = converter.getOption('optionKey');
// Global
var showdownGlobalOptions = showdown.getOptions();
//Local
var thisConverterSpecificOptions = converter.getOptions();
You can get showdown's default options with:
var defaultOptions = showdown.getDefaultOptions();
omitExtraWLInCodeBlocks: (boolean) [default false] Omit the trailing newline in a code block. Ex:
This:
<code><pre>var foo = 'bar';
</pre></code>
Becomes this:
<code><pre>var foo = 'bar';</pre></code>
noHeaderId: (boolean) [default false] Disable the automatic generation of header ids. Setting to true overrides prefixHeaderId
customizedHeaderId: (boolean) [default false] Use text in curly braces as header id. (since v1.7.0) Example:
## Sample header {real-id} will use real-id as id
ghCompatibleHeaderId: (boolean) [default false] Generate header ids compatible with github style (spaces are replaced with dashes and a bunch of non alphanumeric chars are removed) (since v1.5.5)
prefixHeaderId: (string/boolean) [default false] Add a prefix to the generated header ids.
Passing a string will prefix that string to the header id. Setting to true will add a generic 'section' prefix.
rawPrefixHeaderId: (boolean) [default false] Setting this option to true will prevent showdown from modifying the prefix. This might result in malformed IDs (if, for instance, the " char is used in the prefix). Has no effect if prefixHeaderId is set to false. (since v 1.7.3)
rawHeaderId: (boolean) [default false] Remove only spaces, ' and " from generated header ids (including prefixes), replacing them with dashes (-). WARNING: This might result in malformed ids (since v1.7.3)
headerLevelStart: (integer) [default 1] Set the header starting level. For instance, setting this to 3 means that
# foo
will be parsed as
<h3>foo</h3>
parseImgDimensions: (boolean) [default false] Enable support for setting image dimensions from within markdown syntax. Examples:
 simple, assumes units are in px
 sets the height to "auto"
 Image with width of 80% and height of 5em
simplifiedAutoLink: (boolean) [default false] Turning this option on will enable automatic linking to urls. This means that:
some text www.google.com
will be parsed as
<p>some text <a href="www.google.com">www.google.com</a>
excludeTrailingPunctuationFromURLs: (boolean) [default false] This option excludes trailing punctuation from autolinking urls.
Punctuation excluded: . ! ? ( ). Only applies if simplifiedAutoLink option is set to true.
literalMidWordUnderscores: (boolean) [default false] Turning this on will stop showdown from interpreting
underscores in the middle of words as <em> and <strong> and instead treat them as literal underscores.
Example:
some text with__underscores__in middle
will be parsed as
<p>some text with__underscores__in middle</p>
literalMidWordAsterisks: (boolean) [default false] Turning this on will stop showdown from interpreting asterisks
in the middle of words as <em> and <strong> and instead treat them as literal asterisks.
strikethrough: (boolean) [default false] Enable support for strikethrough syntax.
~~strikethrough~~ as <del>strikethrough</del>
tables: (boolean) [default false] Enable support for tables syntax. Example:
| h1 | h2 | h3 |
|:------|:-------:|--------:|
| 100 | [a][1] | ![b][2] |
| *foo* | **bar** | ~~baz~~ |
See the wiki for more info
tablesHeaderId: (boolean) [default false] If enabled adds an id property to table headers tags.
ghCodeBlocks: (boolean) [default true] Enable support for GFM code block style.
tasklists: (boolean) [default false] Enable support for GFM tasklists. Example:
- [x] This task is done
- [ ] This is still pending
smoothLivePreview: (boolean) [default false] Prevents weird effects in live previews due to incomplete input
smartIndentationFix: (boolean) [default false] Tries to smartly fix indentation problems related to es6 template strings in the midst of indented code.
disableForced4SpacesIndentedSublists: (boolean) [default false] Disables the requirement of indenting sublists by 4 spaces for them to be nested, effectively reverting to the old behavior where 2 or 3 spaces were enough. (since v1.5.0)
simpleLineBreaks: (boolean) [default false] Parses line breaks as <br>, without
needing 2 spaces at the end of the line (since v1.5.1)
a line
wrapped in two
turns into:
<p>a line<br>
wrapped in two</p>
requireSpaceBeforeHeadingText: (boolean) [default false] Makes adding a space between # and the header text mandatory (since v1.5.3)
ghMentions: (boolean) [default false] Enables github @mentions, which link to the username mentioned (since v1.6.0)
ghMentionsLink: (string) [default https://github.com/{u}] Changes the link generated by @mentions.
Showdown will replace {u} with the username. Only applies if ghMentions option is enabled.
Example: @tivie with ghMentionsOption set to //mysite.com/{u}/profile will result in <a href="//mysite.com/tivie/profile">@tivie</a>
encodeEmails: (boolean) [default true] Enable e-mail addresses encoding through the use of Character Entities, transforming ASCII e-mail addresses into its equivalent decimal entities. (since v1.6.1)
NOTE: Prior to version 1.6.1, emails would always be obfuscated through dec and hex encoding.
openLinksInNewWindow: (boolean) [default false] Open all links in new windows
(by adding the attribute target="_blank" to <a> tags) (since v1.7.0)
backslashEscapesHTMLTags: (boolean) [default false] Support for HTML Tag escaping. ex: \<div>foo\</div> (since v1.7.2)
emoji: (boolean) [default false] Enable emoji support. Ex: this is a :smile: emoji
For more info on available emojis, see https://github.com/showdownjs/showdown/wiki/Emojis (since v.1.8.0)
underline: (boolean) [default false] EXPERIMENTAL FEATURE Enable support for underline.
Syntax is double or triple underscores ex: __underlined word__. With this option enabled, underscores are no longer parses into <em> and <strong>.
completeHTMLDocument: (boolean) [default false] Outputs a complete html document,
including <html>, <head> and <body> tags' instead of an HTML fragment. (since v.1.8.5)
metadata: (boolean) [default false] Enable support for document metadata (defined at the top of the document
between ««« and »»» or between --- and ---). (since v.1.8.5)
var conv = new showdown.Converter({metadata: true});
var html = conv.makeHtml(someMd);
var metadata = conv.getMetadata(); // returns an object with the document metadata
splitAdjacentBlockquotes: (boolean) [default false] Split adjacent blockquote blocks.(since v.1.8.6)
NOTE: Please note that until version 1.6.0, all of these options are DISABLED by default in the cli tool.
You can also use flavors or presets to set the correct options automatically, so that showdown behaves like popular markdown flavors.
Currently, the following flavors are available:
showdown.setFlavor('github');
converter.setFlavor('github');
Showdown also comes bundled with a Command Line Interface tool. You can check the CLI wiki page for more info
ShowdownJS project also provides seamlessly integration with AngularJS via a "plugin". Please visit https://github.com/showdownjs/ngShowdown for more information.
If you're using TypeScript you maybe want to use the types from DefinitelyTyped
Integration with SystemJS can be obtained via the third party "system-md" plugin.
To use ShowdownJS as a Vue component quickly, you can check vue-showdown.
Showdown doesn't sanitize the input. This is by design since markdown relies on it to allow certain features to be correctly parsed into HTML. This, however, means XSS injection is quite possible.
Please refer to the wiki article Markdown's XSS Vulnerability (and how to mitigate it) for more information.
Showdown allows additional functionality to be loaded via extensions. (you can find a list of known showdown extensions here) You can also find a boilerplate, to create your own extensions in this repository
<script src="showdown.js" />
<script src="twitter-extension.js" />
var converter = new showdown.Converter({ extensions: ['twitter'] });
var showdown = require('devextreme-showdown'),
myExtension = require('myExtension'),
converter = new showdown.Converter({ extensions: ['myExtension'] });
A suite of tests is available which require node.js. Once node is installed, run the following command from the project root to install the dependencies:
npm install
Once installed the tests can be run from the project root using:
npm test
New test cases can easily be added. Create a markdown file (ending in .md) which contains the markdown to test.
Create a .html file of the exact same name. It will automatically be tested when the tests are executed with mocha.
Full credit list at https://github.com/showdownjs/showdown/blob/master/CREDITS.md
Showdown is powered by:
FAQs
A Markdown to HTML converter written in Javascript
The npm package devextreme-showdown receives a total of 46,225 weekly downloads. As such, devextreme-showdown popularity was classified as popular.
We found that devextreme-showdown demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.