git.immae.eu Git - github/shaarli/Shaarli.git/commit

]> git.immae.eu Git - github/shaarli/Shaarli.git/commit

projects / github / shaarli / Shaarli.git / commit

author	ArthurHoaro <arthur@hoa.ro>
	Mon, 27 Feb 2017 18:45:55 +0000 (19:45 +0100)
committer	VirtualTam <virtualtam@flibidi.net>
	Sat, 4 Mar 2017 08:38:12 +0000 (09:38 +0100)
commit	9ff17ae20effa5d54fd8481c19518123590e3bd0
tree	5950eea367714b54cb24cdfb57963adf85a907e4	tree \| snapshot
parent	63bddaad4b6578d5d9a5728cba9f2f0d552805e5	commit \| diff

Add markdown_escape setting

This setting allows to escape HTML in markdown rendering or not.
The goal behind it is to avoid XSS issue in shared instances.

More info:

  * the setting is set to true by default
  * it is set to false for anyone who already have the plugin enabled
  (avoid breaking existing entries)
  * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
  * mention the setting in the plugin README

The personal, minimalist, super-fast, database free, bookmarking service - community repo

RSS Atom

application/Updater.php		diff \| blob \| blame \| history
plugins/markdown/README.md		diff \| blob \| blame \| history
plugins/markdown/markdown.php		diff \| blob \| blame \| history
tests/Updater/UpdaterTest.php		diff \| blob \| blame \| history
tests/plugins/PluginMarkdownTest.php		diff \| blob \| blame \| history
tests/plugins/resources/markdown.html		diff \| blob \| blame \| history