Hello.
The browser used by the Markdown plugin executes scripts provided in Markdown files. This could have security/privacy implications.
Is it possible to tell the browser to not execute scripts?
To reproduce, save the following snippet to `file.md`, and open it with Geany with the Markdown preview active:
``` <script> alert('Hello, world!'); </script> ```
Closed #624.
The browser used by the Markdown plugin executes scripts provided in Markdown files. This could have security/privacy implications.
Meh, the whole point is to execute the code in a real browser engine, and it's as sandboxed as much the underlying WebKitGtk library itself. Would be similar to reporting a bug to Firefox that it executes JavaScript, so closing. Feel free to re-open if I'm wrong.
Is it possible to tell the browser to not execute scripts?
It might be possible via the WebKitGtk API, a decent patch submission adding a plugin preference to disable JS would probably be accepted.
github-comments@lists.geany.org