# Markdown Settings

Markdown settings can be configured on the following page.

  • Admin Page > Markdown Settings (Navigate to the /admin/markdown page)

# Line break setting

In GROWI's default Markdown syntax, a single line break is not treated as <br>. To treat a single line break as <br>, switch the Line break setting ON/OFF.

markdown_linebreak_1.png
  • When Line break setting is enabled
    • Line breaks in page text and comments are treated as <br> in HTML
markdown_linebreak_2.png
  • When Line break setting is disabled
    • Use <br> or insert two spaces at the end of a line to create a line break
markdown_linebreak_3.png

# Indent setting

  • Administrators can configure the following settings in the admin panel:
    • Default indent size
    • Disallow change of indent size by users (Toggle ON/OFF)
markdown_indent_1.png
  • If allowing change of indent size by users, users can specify the size in the page editing interface
markdown_indent_2.png

# Prevent XSS (cross site scripting) setting

Configure how HTML tags in Markdown text are handled to prevent attacks from malicious programs. Choose between "Recommended setting" and "Custom whitelist."

markdown_xss_1.png
  • It is a secure setting that allows the use of HTML within the scope that does not interfere with the use of GROWI.
  • Users cannot change the setting value.
markdown_xss_2.png

# Custom whitelist

  • Administrators can configure which HTML tags and tag attributes are allowed.
  • Tag names:
    • Please enter a comma-separated list of tag names.
  • Tag attributes:
    • Please enter the string representation of a JSON object.
    • For each tag name as a key, enter the string representation of a JSON array of tag attributes that you want to allow.
      • You can specify tag attributes to allow for all tags by using "*" as the key.

WARNING

Versions from GROWI v6.0.0 to v7.0.11 have a bug related to the custom whitelist.

# Symptoms
  • The values entered in the custom whitelist are not reflected correctly.
  • Upgrading to v7.0.10 or later exacerbates this issue, causing the inability to render HTML tags correctly in Markdown.

#8836 (opens new window), #8946 (opens new window)

# Solution

Perform one of the following:

  • Use the recommended settings.
  • Upgrade to v7.0.12 or later, select the custom whitelist, import the values from the recommended settings for both tag names and attributes and modify them based on them.

# Examples

When left empty, it disables all HTML tags and tag attributes.

markdown_xss_3.png

For example, even if <h1>title</h1> is written in the page body, HTML functionality is disabled, and h1 is not treated as "Heading 1."

markdown_xss_4.png

If you add h1 to the "Tag names" field, the added HTML will function.

markdown_xss_5.png

Since HTML is functional, h1 is treated as "Heading 1."

markdown_xss_6.png