fix(security-markdown-widget): allow sanitization of preview content (#4886)

2021-01-29 06:50:48 -08:00
parent da31332641
commit 27aec85550
6 changed files with 83 additions and 4 deletions
--- a/website/content/docs/widgets/markdown.md
+++ b/website/content/docs/widgets/markdown.md
@ -16,6 +16,7 @@ The markdown widget provides a full fledged text editor allowing users to format
  * `buttons`: an array of strings representing the formatting buttons to display (all shown by default). Buttons include: `bold`, `italic`, `code`, `link`, `heading-one`, `heading-two`, `heading-three`, `heading-four`, `heading-five`, `heading-six`, `quote`, `bulleted-list`, and `numbered-list`.
  * `editor_components`: an array of strings representing the names of editor components to display (all shown by default). Netlify CMS includes `image` and `code-block` editor components by default, and custom components may be [created and registered](/docs/custom-widgets/#registereditorcomponent).
  * `modes`: an array of strings representing the names of allowed editor modes. Possible modes are `raw` and `rich_text`. A toggle button appears in the toolbar when more than one mode is available.
+  * `sanitize_preview`: accepts a boolean value, `false` by default. Sanitizes markdown preview to prevent XSS attacks - might alter the preview content.
 * **Example:**

  ```yaml
@ -26,4 +27,4 @@ This would render as:

 ![Markdown widget example](/img/widgets-markdown.png)

-*Please note:* The markdown widget outputs a raw markdown string. Your static site generator may or may not render the markdown to HTML automatically. Consult with your static site generator's documentation for more information about rendering markdown.
+*Please note:* The markdown widget outputs a raw markdown string. Your static site generator may or may not render the markdown to HTML automatically. Consult with your static site generator's documentation for more information about rendering markdown.