Merge pull request #3383 from CachetHQ/markdown-defaults

Use safer markdown defaults
cachethq · Dec 30, 2018 · 7d5bb03 · 7d5bb03
2 parents 9d4193b + 468e4e3
commit 7d5bb03
Showing 1 changed file with 30 additions and 5 deletions.
diff --git a/config/markdown.php b/config/markdown.php
@@ -119,16 +119,41 @@
 
     /*
     |--------------------------------------------------------------------------
-    | Safe Mode
+    | HTML Input
     |--------------------------------------------------------------------------
     |
-    | This option specifies if raw HTML is rendered in the document. Setting
-    | this to true will not render HTML, and false will.
+    | This option specifies how to handle untrusted HTML input.
     |
-    | Default: false
+    | Default: 'strip'
     |
     */
 
-    'safe' => true,
+    'html_input' => 'strip',
+
+    /*
+    |--------------------------------------------------------------------------
+    | Allow Unsafe Links
+    |--------------------------------------------------------------------------
+    |
+    | This option specifies whether to allow risky image URLs and links.
+    |
+    | Default: true
+    |
+    */
+
+    'allow_unsafe_links' => false,
+
+    /*
+    |--------------------------------------------------------------------------
+    | Maximum Nesting Level
+    |--------------------------------------------------------------------------
+    |
+    | This option specifies the maximum permitted block nesting level.
+    |
+    | Default: INF
+    |
+    */
+
+    'max_nesting_level' => INF,
 
 ];