Merge pull request #88 from NotGovernor/Safe-Mode-From-Env-Var

Safe Mode Set from Environment Variable
secure-77 · May 31, 2023 · dafa5c6 · dafa5c6
2 parents 778a438 + 850641a
commit dafa5c6
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 1 deletion.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -14,6 +14,7 @@ services:
       - SHOW_TOC=false
       - HOME_FILE=README
       - FONT_SIZE=15
+      - HTML_SAFE_MODE=true
     volumes:
       - ./perlite/Demo:/var/www/perlite/Demo:ro
 

diff --git a/perlite/Demo/README.md b/perlite/Demo/README.md
@@ -70,4 +70,7 @@ If you want to discuss about Perlite you can join the thread in the [Obsidian Fo
 [Wiki](https://en.wikipedia.org/wiki/Perlite):
 *Perlite is an amorphous volcanic glass ... typically formed by the hydration of obsidian.*
 
+## Safe Mode Test
+You should be very cautious about disabling safe mode. If safe mode is **OFF** the following text will be red, if safe mode is **ON** you should see unrendered HTML below.
 
+<div style="text-align: center; color: red;">Red if Unsafe</div>
diff --git a/perlite/content.php b/perlite/content.php
@@ -58,11 +58,12 @@ function parseContent($requestFile) {
 	global $startDir;
 	global $lineBreaks;
 	global $allowedFileLinkTypes;
+	global $htmlSafeMode;
 
 
 	//$Parsedown = new ParsedownExtra();
 	$Parsedown = new PerliteParsedown();
-	$Parsedown->setSafeMode(true);
+	$Parsedown->setSafeMode($htmlSafeMode);
 	$Parsedown->setBreaksEnabled($lineBreaks);
 	$cleanFile = '';
 

diff --git a/perlite/helper.php b/perlite/helper.php
@@ -68,6 +68,14 @@
 	$font_size = "15";
 }
 
+// Set safe mode from environment variable
+$htmlSafeMode = getenv('HTML_SAFE_MODE');
+if (empty($htmlSafeMode)) {
+	$htmlSafeMode = true;
+} else {
+	$htmlSafeMode = filter_var($htmlSafeMode, FILTER_VALIDATE_BOOLEAN);
+}
+
 
 $about = '.about';