diff options
author | ArthurHoaro <arthur@hoa.ro> | 2017-02-27 19:45:55 +0100 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2017-02-28 19:16:54 +0100 |
commit | e03761011521929a375ebb56f21adacb226a3a8d (patch) | |
tree | 6cc318939e74a35d74a037f18bca912b73e5c81e /CONTRIBUTING.md | |
parent | 5978588578ca103152598ccfbe41019b12e00a4f (diff) | |
download | Shaarli-e03761011521929a375ebb56f21adacb226a3a8d.tar.gz Shaarli-e03761011521929a375ebb56f21adacb226a3a8d.tar.zst Shaarli-e03761011521929a375ebb56f21adacb226a3a8d.zip |
Add markdown_escape setting
This setting allows to escape HTML in markdown rendering or not.
The goal behind it is to avoid XSS issue in shared instances.
More info:
* the setting is set to true by default
* it is set to false for anyone who already have the plugin enabled
(avoid breaking existing entries)
* improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
* mention the setting in the plugin README
Diffstat (limited to 'CONTRIBUTING.md')
0 files changed, 0 insertions, 0 deletions