Markdown

Latest version: v3.7

Safety actively analyzes 714860 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 5

3.3.5

Fixed

* Make the `slugify_unicode` function not remove diacritical marks (1118).
* Fix `[toc]` detection when used with `nl2br` extension (1160).
* Re-use compiled regex for block level checks (1169).
* Don't process shebangs in fenced code blocks when using CodeHilite (1156).
* Improve email address validation for Automatic Links (1165).
* Ensure `<summary>` tags are parsed correctly (1079).
* Support Python 3.10 (1124).

3.3.4

Fixed

* Properly parse unclosed tags in code spans (1066).
* Properly parse processing instructions in md_in_html (1070).
* Properly parse code spans in md_in_html (1069).
* Preserve text immediately before an admonition (1092).
* Simplified regex for HTML placeholders (928) addressing (932).
* Ensure `permalinks` and `anchorlinks` are not restricted by `toc_depth` (1107).
* Fix corner cases with lists under admonitions (1102).

3.3.3

Fixed

* Unify all block-level tags (1047).
* Fix issue where some empty elements would have text rendered as `None` when using `md_in_html` (1049).
* Avoid catastrophic backtracking in `hr` regex (1055).
* Fix `hr` HTML handling (1053).

3.3.2

Fixed

* Properly parse inline HTML in md_in_html (1040 & 1045).
* Avoid crashing when md_in_html fails (1040).

3.3.1

Fixed

* Correctly parse raw `script` and `style` tags (1036).
* Ensure consistent class handling by `fenced_code` and `codehilite` (1032).

3.3

Changed

The prefix `language-` is now prepended to all language classes by default on code blocks.

The [HTML5
spec](https://www.w3.org/TR/html5/text-level-semantics.html#the-code-element)
recommends that the class defining the language of a code block be prefixed with
`language-`. Therefore, by default, both the
[fenced_code](extensions/fenced_code_blocks.md) and
[codehilite](extensions/code_hilite.md) extensions now prepend the prefix when
code highlighting is disabled.

If you have previously been including the prefix manually in your fenced code blocks, then you will not want a second
instance of the prefix. Similarly, if you are using a third party syntax highlighting tool which does not recognize
the prefix, or requires a different prefix, then you will want to redefine the prefix globally using the `lang_prefix`
configuration option of either the `fenced_code` or `codehilite` extensions.

For example, to configure `fenced_code` to not apply any prefix (the previous behavior), set the option to an empty string:

python
from markdown.extensions.fenced_code import FencedCodeExtension

markdown.markdown(src, extensions=[FencedCodeExtension(lang_prefix='')])


!!! note
When code highlighting is
[enabled](extensions/fenced_code_blocks.mdenabling-syntax-highlighting),
the output from Pygments is used unaltered. Currently, Pygments does not
provide an option to include the language class in the output, let alone
prefix it. Therefore, any language prefix is only applied when syntax
highlighting is disabled.

Attribute Lists are more strict (898).

Empty curly braces are now completely ignored by the [Attribute List](extensions/attr_list.md) extension. Previously, the extension would
recognize them as attribute lists and remove them from the document. Therefore, it is no longer necessary to backslash
escape a set of curly braces which are empty or only contain whitespace.

Despite not being documented, previously an attribute list could be defined anywhere within a table cell and get
applied to the cell (`<td>` element). Now the attribute list must be defined at the end of the cell content and must
be separated from the rest of the content by at least one space. This makes it easy to differentiate between attribute
lists defined on inline elements within a cell and the attribute list for the cell itself. It is also more consistent
with how attribute lists are defined on other types of elements.

The extension has also added support for defining attribute lists on table header cells (`<th>` elements) in the same
manner as data cells (`<td>` elements).

In addition, the documentation for the extensions received an overhaul. The features (987) and limitations (965) of the extension are now fully documented.

Added

* All Pygments' options are now available for syntax highlighting (816).
- The [Codehilite](extensions/code_hilite.md) extension now accepts any options
which Pygments supports as global configuration settings on the extension.
- [Fenced Code Blocks](extensions/fenced_code_blocks.md) will accept any of the
same options on individual code blocks.
- Any of the previously supported aliases to Pygments' options continue to be
supported at this time. However, it is recommended that the Pygments option names
be used directly to ensure continued compatibility in the future.

* [Fenced Code Blocks](extensions/fenced_code_blocks.md) now work with
[Attribute Lists](extensions/attr_list.md) when syntax highlighting is disabled.
Any random HTML attribute can be defined and set on the `<code>` tag of fenced code
blocks when the `attr_list` extension is enabled (816).

* The HTML parser has been completely replaced. The new HTML parser is built on Python's
[`html.parser.HTMLParser`](https://docs.python.org/3/library/html.parser.html), which
alleviates various bugs and simplify maintenance of the code (803, 830).

* The [Markdown in HTML](extensions/md_in_html.md) extension has been rebuilt on the
new HTML Parser, which drastically simplifies it. Note that raw HTML elements with a
`markdown` attribute defined are now converted to ElementTree Elements and are rendered
by the serializer. Various bugs have been fixed (803, 595, 780, and 1012).

* Link reference parsing, abbreviation reference parsing and footnote reference parsing
has all been moved from `preprocessors` to `blockprocessors`, which allows them to be
nested within other block level elements. Specifically, this change was necessary to
maintain the current behavior in the rebuilt Markdown in HTML extension. A few random
edge-case bugs (see the included tests) were resolved in the process (803).

* An alternate function `markdown.extensions.headerid.slugify_unicode` has been included
with the [Table of Contents](extensions/toc.md) extension which supports Unicode
characters in table of contents slugs. The old `markdown.extensions.headerid.slugify`
method which removes non-ASCII characters remains the default. Import and pass
`markdown.extensions.headerid.slugify_unicode` to the `slugify` configuration option
to use the new behavior.

* Support was added for Python 3.9 and dropped for Python 3.5.

Fixed

* Document how to pass configuration options to Extra (1019).
* Fix HR which follows strong em (897).
* Support short reference image links (894).
* Avoid a `RecursionError` from deeply nested blockquotes (799).
* Fix issues with complex emphasis (979).
* Fix unescaping of HTML characters `<>` in CodeHilite (990).
* Fix complex scenarios involving lists and admonitions (1004).
* Fix complex scenarios with nested ordered and unordered lists in a definition list (918).

Page 3 of 5

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.