| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This setting allows to escape HTML in markdown rendering or not.
The goal behind it is to avoid XSS issue in shared instances.
More info:
* the setting is set to true by default
* it is set to false for anyone who already have the plugin enabled
(avoid breaking existing entries)
* improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
* mention the setting in the plugin README
|
|
|
|
|
|
|
|
|
|
|
| |
* make sure we match exactly `nomarkdown` tag
* pass the whole link data to stripNoMarkdownTag() to:
* strip the noMD tag in taglist (array)
* strip the tag in tags (string)
Fixes #689
tmp
|
|
|
|
|
|
| |
Fixes #672
+ Markdown to HTML unit test
|
|
|
|
| |
A private tag is never loaded for visitor, making this feature useless.
|
|
|
|
|
|
| |
parsed with markdown
Also add the tag in tag list in edit_link, so it will appear on autocompletion.
|
|
|
|
| |
Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
|
|
Parse link description in Markdown (HTML) before rendering.
* hard remove of Shaarli's HTML before parsing.
* Using Parsedown <https://github.com/erusev/parsedown> PHP lib.
* Includes basic markdown CSS.
* Style: removed 400px height max limit for shaares.
* Unit tests.
|