X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=plugins%2Fmarkdown%2FREADME.md;h=bc9427e23600a6f624b5c03325a1a4b9e5821ccf;hb=d9a0b52276766604d6b3d96895ab1a79e4cd3218;hp=196005e77327c61881ddeb76006825da3430a3bc;hpb=266e3fe5c8961aaf089bad16b9e4c54de1aaff40;p=github%2Fshaarli%2FShaarli.git
diff --git a/plugins/markdown/README.md b/plugins/markdown/README.md
index 196005e7..bc9427e2 100644
--- a/plugins/markdown/README.md
+++ b/plugins/markdown/README.md
@@ -50,6 +50,36 @@ If the tag `nomarkdown` is set for a shaare, it won't be converted to Markdown s
> Note: this is a special tag, so it won't be displayed in link list.
+### HTML escape
+
+By default, HTML tags are escaped. You can enable HTML tags rendering
+by setting `security.markdwon_escape` to `false` in `data/config.json.php`:
+
+```json
+{
+ "security": {
+ "markdown_escape": false
+ }
+}
+```
+
+With this setting, Markdown support HTML tags. For example:
+
+ > strongstrike
+
+Will render as:
+
+> strongstrike
+
+
+**Warning:**
+
+ * This setting might present **security risks** (XSS) on shared instances, even though tags
+ such as script, iframe, etc should be disabled.
+ * If you want to shaare HTML code, it is necessary to use inline code or code blocks.
+ * If your shaared descriptions contained HTML tags before enabling the markdown plugin,
+enabling it might break your page.
+
### Known issue
#### Redirector
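Review bot: The setting name in the added sentence is misspelled as `security.markdwon_escape`, while the JSON example below it uses `markdown_escape`; a reader who copies the name from the sentence ends up with a key that does not match the example, so the sentence should read `security.markdown_escape`. In the same section, the example input and the "Will render as" output both read `strongstrike` with no visible tags, so the example demonstrates nothing as written; putting the input in a code block with its literal tags would make the difference visible. The warning says tags such as script and iframe "should be disabled", which leaves it unclear whether they are actually filtered when escaping is turned off. Since this is the sentence an administrator of a shared instance will rely on, it should state plainly what is still filtered and what is not. Minor: "Markdown support HTML tags" should be "Markdown supports HTML tags", and "etc" needs a period.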