Many people don’t understand that markdown format does not care much about security. In many cases you have to pass output to sanitizers. markdown-it provides 2 possible strategies to produce safe output:

  1. Don’t enable HTML. Extend markup features with plugins. We think it’s the best choice and use it by default.

    • That’s ok for 99% of user needs.

    • Output will be safe without sanitizer.

  2. Enable HTML and use external sanitizer package(s).

Also by default markdown-it prohibits some kind of links, which could be used for XSS:

  • javascript:, vbscript:

  • file:

  • data:, except some images (gif/png/jpeg/webp).

So, by default markdown-it should be safe. We care about it.

If you find a security problem - contact us via tracker or email. Such reports are fixed with top priority.


Usually, plugins operate with tokenized content, and that’s enough to provide safe output.

But there is one non-evident case you should know - don’t allow plugins to generate arbitrary element id and name. If those depend on user input - always add prefixes to avoid DOM clobbering. See discussion for details.

So, if you decide to use plugins that add extended class syntax or autogenerating header anchors - be careful.


markdown-it-py is the fastest CommonMark compliant parser written in python!

You can view our continuous integration benchmarking analysis at:, or you can run it for yourself within the repository:

$ tox -e py38-bench-packages -- --benchmark-columns mean,stddev

Name (time in ms)               Mean              StdDev
test_mistune                 82.0024 (1.0)       10.7779 (1.61)
test_markdown_it_py         190.9571 (2.33)       6.6946 (1.0)
test_mistletoe              247.1633 (3.01)      16.3956 (2.45)
test_commonmark_py          482.6411 (5.89)      67.8219 (10.13)
test_panflute             1,043.0018 (12.72)    229.1034 (34.22)
test_pymarkdown             964.6831 (11.76)     77.2787 (11.54)
test_pymarkdown_extra     1,051.8680 (12.83)     32.2971 (4.82)

As you can see, markdown-it-py doesn’t pay with speed for it’s flexibility.


mistune is not CommonMark compliant, which is what allows for its faster parsing, at the expense of issues, for example, with nested inline parsing. See mistletoes’s explanation for further details.