From 850641a3ac7740674ef0c80e8ea94ce5ad4c4616 Mon Sep 17 00:00:00 2001 From: NotGovernor Date: Tue, 30 May 2023 22:51:21 -0500 Subject: [PATCH] Safe Mode set from Environment Variable --- docker-compose.yml | 1 + perlite/Demo/README.md | 3 +++ perlite/content.php | 3 ++- perlite/helper.php | 8 ++++++++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 1f259759..5e77acf1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,6 +14,7 @@ services: - SHOW_TOC=false - HOME_FILE=README - FONT_SIZE=15 + - HTML_SAFE_MODE=true volumes: - ./perlite/Demo:/var/www/perlite/Demo:ro diff --git a/perlite/Demo/README.md b/perlite/Demo/README.md index b38e02b5..41abce35 100644 --- a/perlite/Demo/README.md +++ b/perlite/Demo/README.md @@ -70,4 +70,7 @@ If you want to discuss about Perlite you can join the thread in the [Obsidian Fo [Wiki](https://en.wikipedia.org/wiki/Perlite): *Perlite is an amorphous volcanic glass ... typically formed by the hydration of obsidian.* +## Safe Mode Test +You should be very cautious about disabling safe mode. If safe mode is **OFF** the following text will be red, if safe mode is **ON** you should see unrendered HTML below. +
Red if Unsafe
diff --git a/perlite/content.php b/perlite/content.php index 15f0b977..2ed830a1 100644 --- a/perlite/content.php +++ b/perlite/content.php @@ -58,11 +58,12 @@ function parseContent($requestFile) { global $startDir; global $lineBreaks; global $allowedFileLinkTypes; + global $htmlSafeMode; //$Parsedown = new ParsedownExtra(); $Parsedown = new PerliteParsedown(); - $Parsedown->setSafeMode(true); + $Parsedown->setSafeMode($htmlSafeMode); $Parsedown->setBreaksEnabled($lineBreaks); $cleanFile = ''; diff --git a/perlite/helper.php b/perlite/helper.php index 78ab484b..a8d26470 100644 --- a/perlite/helper.php +++ b/perlite/helper.php @@ -68,6 +68,14 @@ $font_size = "15"; } +// Set safe mode from environment variable +$htmlSafeMode = getenv('HTML_SAFE_MODE'); +if (empty($htmlSafeMode)) { + $htmlSafeMode = true; +} else { + $htmlSafeMode = filter_var($htmlSafeMode, FILTER_VALIDATE_BOOLEAN); +} + $about = '.about';
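Review bot: `setSafeMode($htmlSafeMode)` fails open if the global was never populated. Upstream Parsedown casts the argument to bool, and `PerliteParsedown` presumably inherits that (the class is not visible here), so a `null` from any code path that reaches `parseContent()` without `helper.php` having run would silently disable escaping of raw HTML in notes. Passing `$Parsedown->setSafeMode($htmlSafeMode !== false);` keeps safe mode on unless it was explicitly turned off. The body of `parseContent()` continues outside this hunk, so where `helper.php` is included relative to this call cannot be confirmed from here.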
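Review bot: An unrecognised `HTML_SAFE_MODE` value turns safe mode off, because `filter_var($htmlSafeMode, FILTER_VALIDATE_BOOLEAN)` returns `false` for any string it cannot parse, so a typo such as `ture` or a value like `enabled` leaves raw HTML in notes rendered unescaped. Failing closed is a one-line change in the `else` branch: `$htmlSafeMode = filter_var($htmlSafeMode, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ?? true;`. Separately, `empty()` treats the string `"0"` as unset, so `HTML_SAFE_MODE=0` keeps safe mode on while `false`, `off` and `no` disable it. Testing `getenv('HTML_SAFE_MODE') === false` instead would make the accepted values consistent. I would also extend the comment to `// Safe mode escapes raw HTML in notes; only an explicit false/off/no/0 disables it`.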