X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=plugins%2Fmarkdown%2FREADME.md;h=bc9427e23600a6f624b5c03325a1a4b9e5821ccf;hb=9ff17ae20effa5d54fd8481c19518123590e3bd0;hp=c64a831a1cb2a76f1a724889fe8fe900c0c34a94;hpb=3d8f5cf84b8baa4a212f5089633af7c640609b62;p=github%2Fshaarli%2FShaarli.git
diff --git a/plugins/markdown/README.md b/plugins/markdown/README.md
index c64a831a..bc9427e2 100644
--- a/plugins/markdown/README.md
+++ b/plugins/markdown/README.md
@@ -20,30 +20,50 @@ The directory structure should look like:
|--- markdown.css
|--- markdown.meta
|--- markdown.php
- |--- Parsedown.php
|--- README.md
```
To enable the plugin, just check it in the plugin administration page.
-You can also add `markdown` to your list of enabled plugins in `data/config.php`
-(`ENABLED_PLUGINS` array).
+You can also add `markdown` to your list of enabled plugins in `data/config.json.php`
+(`general.enabled_plugins` list).
This should look like:
```
-$GLOBALS['config']['ENABLED_PLUGINS'] = array('qrcode', 'any_other_plugin', 'markdown')
+"general": {
+ "enabled_plugins": [
+ "markdown",
+ [...]
+ ],
+}
```
+Parsedown parsing library is imported using Composer. If you installed Shaarli using `git`,
+or the `master` branch, run
+
+ composer update --no-dev --prefer-dist
+
### No Markdown tag
-If the tag `.nomarkdown` is set for a shaare, it won't be converted to Markdown syntax.
+If the tag `nomarkdown` is set for a shaare, it won't be converted to Markdown syntax.
-> Note: it's a private tag (leading dot), so it won't be displayed to visitors.
+> Note: this is a special tag, so it won't be displayed in link list.
+
+### HTML escape
-### HTML rendering
+By default, HTML tags are escaped. You can enable HTML tags rendering
+by setting `security.markdwon_escape` to `false` in `data/config.json.php`:
-Markdown support HTML tags. For example:
+```json
+{
+ "security": {
+ "markdown_escape": false
+ }
+}
+```
+
+With this setting, Markdown support HTML tags. For example:
> strongstrike
@@ -51,12 +71,14 @@ Will render as:
> strongstrike
-If you want to shaare HTML code, it is necessary to use inline code or code blocks.
-
-**If your shaared descriptions containing HTML tags before enabling the markdown plugin,
-enabling it might break your page.**
-> Note: HTML tags such as script, iframe, etc. are disabled for security reasons.
+**Warning:**
+
+ * This setting might present **security risks** (XSS) on shared instances, even though tags
+ such as script, iframe, etc should be disabled.
+ * If you want to shaare HTML code, it is necessary to use inline code or code blocks.
+ * If your shaared descriptions contained HTML tags before enabling the markdown plugin,
+enabling it might break your page.
### Known issue