Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds warnings about loading extensions #110

Merged
merged 2 commits into from Oct 23, 2020

Conversation

d0c-s4vage
Copy link
Owner

@d0c-s4vage d0c-s4vage commented Oct 23, 2020

This changes a few things:

  1. "built-in" contrib extensions are no longer auto-loaded. They must be:
    • allowed the same as other extensions (via -e, LOOKATME_EXTS env var, or answering the prompts)
    • declared the same as other extensions (in the markdown YAML)
  2. Adds a soft-requirement for a user_warnings function to exist in all extensions.
    • This is how extensions should declare any security warnings or considerations for users
    • If this function is not defined in the contrib module, a warning is added to inform the user
  3. Adds new command-line arguments:
    • -i - ignore load failures during extension loading
    • --safe - Do not load any new extensions specified by the source markdown. Extensions manually approved via -e or LOOKATME_EXTS env var are still loaded
    • --no-ext-warn - Turns off all warnings about loading new extensions that are specified in the source markdown

Examples of this in action:

lookatme_ext_safe_example

@d0c-s4vage
Copy link
Owner Author

fixes #109

@d0c-s4vage
Copy link
Owner Author

@randomstuff I think this should cover the concerns about making the user aware of what might happen if they render markdown from unknown sources and certain extensions are used.

@d0c-s4vage d0c-s4vage merged commit 72fe36b into master Oct 23, 2020
0 of 3 checks passed
@d0c-s4vage d0c-s4vage deleted the feature/109-extension_warnings branch October 23, 2020 05:29
@randomstuff
Copy link

(Sorry, I forgot to answer). Yes, I was not expected that much changes but this looks good to me. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants