Commit graph

7 commits

Author SHA1 Message Date
ArthurHoaro
e037610115 Add markdown_escape setting
This setting allows to escape HTML in markdown rendering or not.
The goal behind it is to avoid XSS issue in shared instances.

More info:

  * the setting is set to true by default
  * it is set to false for anyone who already have the plugin enabled
  (avoid breaking existing entries)
  * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
  * mention the setting in the plugin README
2017-02-28 19:16:54 +01:00
Arthur
19b3930ff3 Merge pull request #701 from ArthurHoaro/plugins/md-html-doc
Describe markdown HTML rendering and display a warning
2016-12-03 08:52:12 +01:00
ArthurHoaro
3d8f5cf84b Describe markdown HTML rendering and display a warning
Fixes #688
2016-12-01 12:44:37 +01:00
ArthurHoaro
266e3fe5c8 Markdown: fixes feed rendering with nomarkdown tag
* make sure we match exactly `nomarkdown` tag
 * pass the whole link data to stripNoMarkdownTag() to:
   * strip the noMD tag in taglist (array)
   * strip the tag in tags (string)

Fixes #689

tmp
2016-11-22 10:26:03 +01:00
ArthurHoaro
340252ae5d Update markdown plugin README documentation
* Add the `.nomarkdown` section.
  * Update misleading statements.
2016-03-26 16:43:14 +01:00
ArthurHoaro
1456358240 Fixes forced git changes
Probably related to the introduction of .gitattribute with forced line ending.
2016-01-31 19:22:14 +01:00
ArthurHoaro
1be4afacf9 PLUGIN Markdown
Parse link description in Markdown (HTML) before rendering.

      * hard remove of Shaarli's HTML before parsing.
      * Using Parsedown <https://github.com/erusev/parsedown> PHP lib.
      * Includes basic markdown CSS.
      * Style: removed 400px height max limit for shaares.
      * Unit tests.
2016-01-03 17:36:10 +01:00