Add markdown_escape setting #785
tests/Updater/UpdaterTest.php
/** | ||
* Test updateMethodEscapeMarkdown with nothing to do (setting already set) | ||
*/ | ||
public function testEscapeMarkdownSettingNothingToDo() |
should be split in two tests:
- setting previously enabled
- setting previously disabled
This setting allows to escape HTML in markdown rendering or not.
The goal behind it is to avoid XSS issue in shared instances.

More info:
* the setting is set to true by default
* it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries)
* improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof
* mention the setting in the plugin README
d8941c5 to e037610
Updated and rebased.
Travis CI is currently down due to an AWS outage, hence the failing/unavailable builds
Build passed ;-)
EDIT:
EDIT 2:
Adapted from shaarli#785
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
This needs to be backported and released in v0.7.x and v0.8.x.
This PR is high priority.