diff options
author | gzagatti <gzagatti@users.noreply.github.com> | 2021-01-11 16:46:31 +0800 |
---|---|---|
committer | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2021-02-22 13:52:04 +0100 |
commit | 01dd7c16af6204d18d530f9d3018689215482170 (patch) | |
tree | 4020b7fc7f4d6e96b942d4800c00b82cad178ae9 /docs | |
parent | c8f45d1d861f596821afc068bd12eb1213aba5ce (diff) |
Fixes #7698.
markup: Allow installed arbitrary Asciidoc extension via path validation.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/content/en/content-management/formats.md | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/docs/content/en/content-management/formats.md b/docs/content/en/content-management/formats.md index 576ce2fa3..5654be7f0 100644 --- a/docs/content/en/content-management/formats.md +++ b/docs/content/en/content-management/formats.md @@ -100,6 +100,8 @@ Below are all the AsciiDoc related settings in Hugo with their default values: {{< code-toggle config="markup.asciidocExt" />}} +Notice that for security concerns only extensions that do not have path separators (either `\`, `/` or `.`) are allowed. That means that extensions can only be invoked if they are in one's ruby's `$LOAD_PATH` (ie. most likely, the extension has been installed by the user). Any extension declared relative to the website's path will not be accepted. + Example of how to set extensions and attributes: ``` |