git.immae.eu Git - github/shaarli/Shaarli.git/commit
Add markdown_escape setting 785/head
author ArthurHoaro <arthur@hoa.ro>
Mon, 27 Feb 2017 18:45:55 +0000 (19:45 +0100)
committer ArthurHoaro <arthur@hoa.ro>
Tue, 28 Feb 2017 18:16:54 +0000 (19:16 +0100)
commit e03761011521929a375ebb56f21adacb226a3a8d
tree 6cc318939e74a35d74a037f18bca912b73e5c81e
parent 5978588578ca103152598ccfbe41019b12e00a4f
Add markdown_escape setting

This setting allows escaping HTML in markdown rendering or not.
The goal behind it is to avoid XSS issues in shared instances.

More info:

  * the setting is set to true by default
  * it is set to false for anyone who already has the plugin enabled
  (avoid breaking existing entries)
  * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
  * mention the setting in the plugin README
application/Updater.php
plugins/markdown/README.md
plugins/markdown/markdown.php
tests/Updater/UpdaterTest.php
tests/plugins/PluginMarkdownTest.php
tests/plugins/resources/markdown.html