MyShaarli

History

ArthurHoaro e037610115 Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README	2017-02-28 19:16:54 +01:00
..
DummyUpdater.php	ConfigManager no longer uses singleton pattern	2016-06-11 09:30:56 +02:00
UpdaterTest.php	Add markdown_escape setting	2017-02-28 19:16:54 +01:00

ArthurHoaro e037610115 Add markdown_escape setting

This setting allows to escape HTML in markdown rendering or not.
The goal behind it is to avoid XSS issue in shared instances.

More info:

  * the setting is set to true by default
  * it is set to false for anyone who already have the plugin enabled
  (avoid breaking existing entries)
  * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
  * mention the setting in the plugin README

2017-02-28 19:16:54 +01:00

DummyUpdater.php

ConfigManager no longer uses singleton pattern

2016-06-11 09:30:56 +02:00

UpdaterTest.php

Add markdown_escape setting

2017-02-28 19:16:54 +01:00