Extend HTML5 support by whitelisting various tags

HTML5 provides a wide feature set of useful elements. Since Markdown
usually supports HTML it should be able to use these HTML5 tags as well.
As they were requested by some users and they where checked for being
safe, whitelisting them isn't a problem. To make the experience the same
as on GitHub when it comes to the basic look and feel of the rendered
markdown, some CSS was added to make the summary and the details tag
look like on GitHub.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
Sheogorath 2018-02-25 14:48:50 +01:00
parent f642a11599
commit 5d347d583d
No known key found for this signature in database
GPG Key ID: 1F05CC3635CDDFFD
2 changed files with 20 additions and 1 deletions

View File

@ -188,3 +188,12 @@
.markdown-body .alert > ul {
margin-bottom: 0;
}
/* Make details boxes look like on GitHub */
.markdown-body details summary {
cursor: pointer;
}
.markdown-body summary {
display: list-item;
}

View File

@ -19,8 +19,18 @@ whiteList['style'] = []
whiteList['kbd'] = []
// allow ifram tag with some safe attributes
whiteList['iframe'] = ['allowfullscreen', 'name', 'referrerpolicy', 'sandbox', 'src', 'width', 'height']
// allow summary tag
// allow details tag
whiteList['details'] = []
// allow summary tag for details
whiteList['summary'] = []
// allow ruby tag
whiteList['ruby'] = []
// allow rt tag for ruby
whiteList['rt'] = []
// allow figure tag
whiteList['figure'] = []
// allow figcaption tag
whiteList['figcaption'] = []
var filterXSSOptions = {
allowCommentTag: true,