Merge pull request #3383 from CachetHQ/markdown-defaults

Use safer markdown defaults
2018-12-30 09:18:00 +00:00
parent 9d4193ba45 468e4e329e
commit 7d5bb0348d
1 changed files with 30 additions and 5 deletions
--- a/config/markdown.php
+++ b/config/markdown.php
@@ -119,16 +119,41 @@ return [

    /*
    |--------------------------------------------------------------------------
-    | Safe Mode
+    | HTML Input
    |--------------------------------------------------------------------------
    |
-    | This option specifies if raw HTML is rendered in the document. Setting
-    | this to true will not render HTML, and false will.
+    | This option specifies how to handle untrusted HTML input.
    |
-    | Default: false
+    | Default: 'strip'
    |
    */

-    'safe' => true,
+    'html_input' => 'strip',
+
+    /*
+    |--------------------------------------------------------------------------
+    | Allow Unsafe Links
+    |--------------------------------------------------------------------------
+    |
+    | This option specifies whether to allow risky image URLs and links.
+    |
+    | Default: true
+    |
+    */
+
+    'allow_unsafe_links' => false,
+
+    /*
+    |--------------------------------------------------------------------------
+    | Maximum Nesting Level
+    |--------------------------------------------------------------------------
+    |
+    | This option specifies the maximum permitted block nesting level.
+    |
+    | Default: INF
+    |
+    */
+
+    'max_nesting_level' => INF,

 ];