diff options
author | ArthurHoaro <arthur@hoa.ro> | 2017-02-27 19:45:55 +0100 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2017-03-04 09:38:12 +0100 |
commit | 9ff17ae20effa5d54fd8481c19518123590e3bd0 (patch) | |
tree | 5950eea367714b54cb24cdfb57963adf85a907e4 /tpl/includes.html | |
parent | 63bddaad4b6578d5d9a5728cba9f2f0d552805e5 (diff) | |
download | Shaarli-9ff17ae20effa5d54fd8481c19518123590e3bd0.tar.gz Shaarli-9ff17ae20effa5d54fd8481c19518123590e3bd0.tar.zst Shaarli-9ff17ae20effa5d54fd8481c19518123590e3bd0.zip |
Add markdown_escape setting
This setting allows to escape HTML in markdown rendering or not.
The goal behind it is to avoid XSS issue in shared instances.
More info:
* the setting is set to true by default
* it is set to false for anyone who already have the plugin enabled
(avoid breaking existing entries)
* improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
* mention the setting in the plugin README
Diffstat (limited to 'tpl/includes.html')
0 files changed, 0 insertions, 0 deletions