From 9ff17ae20effa5d54fd8481c19518123590e3bd0 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Mon, 27 Feb 2017 19:45:55 +0100 Subject: Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README --- tests/plugins/resources/markdown.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'tests/plugins/resources/markdown.html') diff --git a/tests/plugins/resources/markdown.html b/tests/plugins/resources/markdown.html index c0fbe7f4..07a5a32e 100644 --- a/tests/plugins/resources/markdown.html +++ b/tests/plugins/resources/markdown.html @@ -12,11 +12,11 @@
  • two
  • three
  • four
  • -
  • foo #foobar
  • +
  • foo <a href="?addtag=foobar" title="Hashtag foobar">#foobar</a>
  • -

    #foobar foo lol #foo #bar

    -

    fsdfs http://link.tld #foobar http://link.tld

    +

    <a href="?addtag=foobar" title="Hashtag foobar">#foobar</a> foo lol #foo <a href="?addtag=bar" title="Hashtag bar">#bar</a>

    +

    fsdfs http://link.tld <a href="?addtag=foobar" title="Hashtag foobar">#foobar</a> http://link.tld

    http://link.tld #foobar
     next #foo

    Block:

    -- cgit v1.2.3