From: ArthurHoaro <arthur@hoa.ro>
Date: Mon, 27 Feb 2017 18:45:55 +0000 (+0100)
Subject: Add markdown_escape setting
X-Git-Tag: v0.8.4~2
X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=9ff17ae20effa5d54fd8481c19518123590e3bd0;hp=9ff17ae20effa5d54fd8481c19518123590e3bd0;p=github%2Fshaarli%2FShaarli.git

Add markdown_escape setting

This setting allows to escape HTML in markdown rendering or not.
The goal behind it is to avoid XSS issue in shared instances.

More info:

  * the setting is set to true by default
  * it is set to false for anyone who already have the plugin enabled
  (avoid breaking existing entries)
  * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
  * mention the setting in the plugin README
---