README.md (view raw)
1[![Build Status](https://travis-ci.org/russross/blackfriday.svg?branch=master)](https://travis-ci.org/russross/blackfriday)
2
3Blackfriday
4===========
5
6Blackfriday is a [Markdown][1] processor implemented in [Go][2]. It
7is paranoid about its input (so you can safely feed it user-supplied
8data), it is fast, it supports common extensions (tables, smart
9punctuation substitutions, etc.), and it is safe for all utf-8
10(unicode) input.
11
12HTML output is currently supported, along with Smartypants
13extensions. An experimental LaTeX output engine is also included.
14
15It started as a translation from C of [upskirt][3].
16
17
18Installation
19------------
20
21Blackfriday is compatible with Go 1. If you are using an older
22release of Go, consider using v1.1 of blackfriday, which was based
23on the last stable release of Go prior to Go 1. You can find it as a
24tagged commit on github.
25
26With Go 1 and git installed:
27
28 go get github.com/russross/blackfriday
29
30will download, compile, and install the package into your `$GOPATH`
31directory hierarchy. Alternatively, you can achieve the same if you
32import it into a project:
33
34 import "github.com/russross/blackfriday"
35
36and `go get` without parameters.
37
38Usage
39-----
40
41For basic usage, it is as simple as getting your input into a byte
42slice and calling:
43
44 output := blackfriday.MarkdownBasic(input)
45
46This renders it with no extensions enabled. To get a more useful
47feature set, use this instead:
48
49 output := blackfriday.MarkdownCommon(input)
50
51### Sanitize untrusted content
52
53Blackfriday itself does nothing to protect against malicious content. If you are
54dealing with user-supplied markdown, we recommend running blackfriday's output
55through HTML sanitizer such as
56[Bluemonday](https://github.com/microcosm-cc/bluemonday).
57
58Here's an example of simple usage of blackfriday together with bluemonday:
59
60``` go
61import (
62 "github.com/microcosm-cc/bluemonday"
63 "github.com/russross/blackfriday"
64)
65
66// ...
67unsafe := blackfriday.MarkdownCommon(input)
68html := bluemonday.UGCPolicy().SanitizeBytes(unsafe)
69```
70
71### Custom options
72
73If you want to customize the set of options, first get a renderer
74(currently either the HTML or LaTeX output engines), then use it to
75call the more general `Markdown` function. For examples, see the
76implementations of `MarkdownBasic` and `MarkdownCommon` in
77`markdown.go`.
78
79You can also check out `blackfriday-tool` for a more complete example
80of how to use it. Download and install it using:
81
82 go get github.com/russross/blackfriday-tool
83
84This is a simple command-line tool that allows you to process a
85markdown file using a standalone program. You can also browse the
86source directly on github if you are just looking for some example
87code:
88
89* <http://github.com/russross/blackfriday-tool>
90
91Note that if you have not already done so, installing
92`blackfriday-tool` will be sufficient to download and install
93blackfriday in addition to the tool itself. The tool binary will be
94installed in `$GOPATH/bin`. This is a statically-linked binary that
95can be copied to wherever you need it without worrying about
96dependencies and library versions.
97
98
99Features
100--------
101
102All features of upskirt are supported, including:
103
104* **Compatibility**. The Markdown v1.0.3 test suite passes with
105 the `--tidy` option. Without `--tidy`, the differences are
106 mostly in whitespace and entity escaping, where blackfriday is
107 more consistent and cleaner.
108
109* **Common extensions**, including table support, fenced code
110 blocks, autolinks, strikethroughs, non-strict emphasis, etc.
111
112* **Safety**. Blackfriday is paranoid when parsing, making it safe
113 to feed untrusted user input without fear of bad things
114 happening. The test suite stress tests this and there are no
115 known inputs that make it crash. If you find one, please let me
116 know and send me the input that does it.
117
118 NOTE: "safety" in this context means *runtime safety only*. In order to
119 protect yourself agains JavaScript injection in untrusted content, see
120 [this example](https://github.com/russross/blackfriday#sanitize-untrusted-content).
121
122* **Fast processing**. It is fast enough to render on-demand in
123 most web applications without having to cache the output.
124
125* **Thread safety**. You can run multiple parsers in different
126 goroutines without ill effect. There is no dependence on global
127 shared state.
128
129* **Minimal dependencies**. Blackfriday only depends on standard
130 library packages in Go. The source code is pretty
131 self-contained, so it is easy to add to any project, including
132 Google App Engine projects.
133
134* **Standards compliant**. Output successfully validates using the
135 W3C validation tool for HTML 4.01 and XHTML 1.0 Transitional.
136
137
138Extensions
139----------
140
141In addition to the standard markdown syntax, this package
142implements the following extensions:
143
144* **Intra-word emphasis supression**. The `_` character is
145 commonly used inside words when discussing code, so having
146 markdown interpret it as an emphasis command is usually the
147 wrong thing. Blackfriday lets you treat all emphasis markers as
148 normal characters when they occur inside a word.
149
150* **Tables**. Tables can be created by drawing them in the input
151 using a simple syntax:
152
153 ```
154 Name | Age
155 --------|------
156 Bob | 27
157 Alice | 23
158 ```
159
160* **Fenced code blocks**. In addition to the normal 4-space
161 indentation to mark code blocks, you can explicitly mark them
162 and supply a language (to make syntax highlighting simple). Just
163 mark it like this:
164
165 ``` go
166 func getTrue() bool {
167 return true
168 }
169 ```
170
171 You can use 3 or more backticks to mark the beginning of the
172 block, and the same number to mark the end of the block.
173
174* **Autolinking**. Blackfriday can find URLs that have not been
175 explicitly marked as links and turn them into links.
176
177* **Strikethrough**. Use two tildes (`~~`) to mark text that
178 should be crossed out.
179
180* **Hard line breaks**. With this extension enabled (it is off by
181 default in the `MarkdownBasic` and `MarkdownCommon` convenience
182 functions), newlines in the input translate into line breaks in
183 the output.
184
185* **Smart quotes**. Smartypants-style punctuation substitution is
186 supported, turning normal double- and single-quote marks into
187 curly quotes, etc.
188
189* **LaTeX-style dash parsing** is an additional option, where `--`
190 is translated into `–`, and `---` is translated into
191 `—`. This differs from most smartypants processors, which
192 turn a single hyphen into an ndash and a double hyphen into an
193 mdash.
194
195* **Smart fractions**, where anything that looks like a fraction
196 is translated into suitable HTML (instead of just a few special
197 cases like most smartypant processors). For example, `4/5`
198 becomes `<sup>4</sup>⁄<sub>5</sub>`, which renders as
199 <sup>4</sup>⁄<sub>5</sub>.
200
201
202Other renderers
203---------------
204
205Blackfriday is structured to allow alternative rendering engines. Here
206are a few of note:
207
208* [github_flavored_markdown](https://godoc.org/github.com/shurcooL/go/github_flavored_markdown):
209 provides a GitHub Flavored Markdown renderer with fenced code block
210 highlighting, clickable header anchor links.
211
212 It's not customizable, and its goal is to produce HTML output
213 equivalent to the [GitHub Markdown API endpoint](https://developer.github.com/v3/markdown/#render-a-markdown-document-in-raw-mode),
214 except the rendering is performed locally.
215
216* [markdownfmt](https://github.com/shurcooL/markdownfmt): like gofmt,
217 but for markdown.
218
219* LaTeX output: renders output as LaTeX. This is currently part of the
220 main Blackfriday repository, but may be split into its own project
221 in the future. If you are interested in owning and maintaining the
222 LaTeX output component, please be in touch.
223
224 It renders some basic documents, but is only experimental at this
225 point. In particular, it does not do any inline escaping, so input
226 that happens to look like LaTeX code will be passed through without
227 modification.
228
229
230Todo
231----
232
233* More unit testing
234* Markdown pretty-printer output engine
235* Improve unicode support. It does not understand all unicode
236 rules (about what constitutes a letter, a punctuation symbol,
237 etc.), so it may fail to detect word boundaries correctly in
238 some instances. It is safe on all utf-8 input.
239
240
241License
242-------
243
244Blackfriday is distributed under the Simplified BSD License:
245
246> Copyright © 2011 Russ Ross
247> All rights reserved.
248>
249> Redistribution and use in source and binary forms, with or without
250> modification, are permitted provided that the following conditions
251> are met:
252>
253> 1. Redistributions of source code must retain the above copyright
254> notice, this list of conditions and the following disclaimer.
255>
256> 2. Redistributions in binary form must reproduce the above
257> copyright notice, this list of conditions and the following
258> disclaimer in the documentation and/or other materials provided with
259> the distribution.
260>
261> THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
262> "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
263> LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
264> FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
265> COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
266> INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
267> BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
268> LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
269> CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
270> LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
271> ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
272> POSSIBILITY OF SUCH DAMAGE.
273
274
275 [1]: http://daringfireball.net/projects/markdown/ "Markdown"
276 [2]: http://golang.org/ "Go Language"
277 [3]: http://github.com/tanoku/upskirt "Upskirt"