From 468e4e329ed83c8c4aa377f0f085646640ed6851 Mon Sep 17 00:00:00 2001
From: Graham Campbell
Date: Sun, 30 Dec 2018 03:08:22 +0000
Subject: [PATCH] Use safer markdown defaults

---
 config/markdown.php | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/config/markdown.php b/config/markdown.php
index 1f5e967a..b18731a8 100644
--- a/config/markdown.php
+++ b/config/markdown.php
@@ -119,16 +119,41 @@ return [

 /*
 |--------------------------------------------------------------------------
- | Safe Mode
+ | HTML Input
 |--------------------------------------------------------------------------
 |
- | This option specifies if raw HTML is rendered in the document. Setting
- | this to true will not render HTML, and false will.
+ | This option specifies how to handle untrusted HTML input.
 |
- | Default: false
+ | Default: 'strip'
 |
 */

- 'safe' => true,
+ 'html_input' => 'strip',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Allow Unsafe Links
+ |--------------------------------------------------------------------------
+ |
+ | This option specifies whether to allow risky image URLs and links.
+ |
+ | Default: true
+ |
+ */
+
+ 'allow_unsafe_links' => false,
+
+ /*
+ |--------------------------------------------------------------------------
+ | Maximum Nesting Level
+ |--------------------------------------------------------------------------
+ |
+ | This option specifies the maximum permitted block nesting level.
+ |
+ | Default: INF
+ |
+ */
+
+ 'max_nesting_level' => INF,

 ];
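Review bot: `'max_nesting_level' => INF` at the end of the hunk leaves block nesting unbounded, so in a change meant to ship safer defaults a deeply nested untrusted document can still cost excessive render time or recursion depth; consider a finite bound such as `'max_nesting_level' => 100,` (the exact value needs tuning) and state the reason in the comment. The new comment blocks are also ambiguous about what "Default:" means: `| Default: true` sits directly above `'allow_unsafe_links' => false`, so label it as the parser's own default, for example `| Library default: true (shipped here as false)`. The HTML Input comment should name the accepted values, for example `| Supported: 'strip', 'escape', 'allow'`, so an operator does not have to guess what the alternatives to stripping are. Because the `safe` key is removed outright, applications that already published the old config presumably still carry `'safe' => true` and may need an upgrade note; whether that key is still honoured depends on code outside this hunk.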