From 2ce948e0ebf53f7a155377e927a6c490d872dbbe Mon Sep 17 00:00:00 2001
From: Benjamin Brahmer <info@b-brahmer.de>
Date: Sat, 8 May 2021 19:39:34 +0200
Subject: fix broken markdown

Signed-off-by: Benjamin Brahmer <info@b-brahmer.de>
---
 docs/faq.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/docs/faq.md b/docs/faq.md
index fc219dde2..b854d4c03 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -1,6 +1,6 @@
 # FAQ
 
-### My browser shows a mixed content warning (Connection is Not Secure)
+## My browser shows a mixed content warning (Connection is Not Secure)
 If you are serving your Nextcloud over HTTPS your browser will very likely warn you with a yellow warnings sign about your connection not being secure.
 
 Chrome will show no green HTTPS lock sign, Firefox will show you the following image
@@ -11,7 +11,7 @@ Note that this warning **is not red and won't block the page like the following
 ![Untrusted Cert](http://www.inmotionhosting.com/support/images/stories/website/errors/ssl/chrome-self-signed-ssl-warning.png)
 ![Mixed Active Content](http://www.howtogeek.com/wp-content/uploads/2014/02/650x367xchrome-mixed-content-https-problem.png.pagespeed.gp+jp+jw+pj+js+rj+rp+rw+ri+cp+md.ic.r_lQiZiq38.png)
 
-#### What is the cause of the (yellow) error message
+### What is the cause of the (yellow) error message
 
 This warning is caused by [mixed passive content](https://developer.mozilla.org/en/docs/Security/MixedContent) and means that your page loads passive resources from non HTTPS resources, such as:
 * Images
@@ -19,13 +19,13 @@ This warning is caused by [mixed passive content](https://developer.mozilla.org/
 
 This allows a possible attacker to perform a MITM (man-in-the-middle) attack by serving you different images or audio/video.
 
-#### Why doesn't the News app fix it
+### Why doesn't the News app fix it
 
-The News app fully prevents mixed **active** content by only allowing HTTPS iframes from known locations; other possible mixed active content elements such as \<script> are stripped from the feed. Because images and audio/video are an integral part of a feed, we can not simply strip them.
+The News app fully prevents mixed **active** content by only allowing HTTPS iframes from known locations; other possible mixed active content elements such as <script\> are stripped from the feed. Because images and audio/video are an integral part of a feed, we can not simply strip them.
 
 Since an attacker can not execute code in contrast to mixed active content, but only replace images/audio/video in your feed reader, this is **not considered to be a security issue**. If, for whatever reason (e.g. feed which would allow fishing), this is a security problem for you, contact the specific feed provider and ask him to serve his feed content over HTTPS.
 
-#### Why don't you simply use an HTTPS image/audio/video proxy
+### Why don't you simply use an HTTPS image/audio/video proxy
 
 For the same reason that we can't fix non HTTPS websites: It does not fix the underlying issue but only silences it. If you are using an image HTTPS proxy, an attacker can simply attack your image proxy since the proxy fetches insecure content. **Even worse**: if your image proxy serves these images from the same domain as your Nextcloud installation you [are vulnerable to XSS via SVG images](https://www.owasp.org/images/0/03/Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf). In addition, people feel safe when essentially they are not.
 
@@ -35,10 +35,10 @@ Because we care about our users' security and don't want to hide security warnin
 
 The only fix for this issue is that feed providers serve their content over HTTPS.
 
-### I am getting: Exception: Some\\Class does not exist errors in my nextcloud.log
+## I am getting: Exception: Some\\Class does not exist errors in my nextcloud.log
 This is very often caused by missing or old files, e.g. by failing to upload all the News app files or errors during installation. Before you report a bug, please recheck if all files from the archive are in place and accessible.
 
-### Feeds not updated
+## Feeds not updated
 Feeds can be updated using Nextcloud's system cron or any program that implements the [News app's updater API](https://github.com/nextcloud/news/tree/master/docs/externalapi), most notably [Nextcloud News Updater](https://github.com/nextcloud/news-updater). **The feed update is not run in Webcron and AJAX cron mode!**
 
 System Cron:
@@ -73,7 +73,7 @@ You will get two rows where column `class`will be `OCA\News\Cron\Updater` and `O
 
 * Check your **data/nextcloud.log** for errors
 
-### Adding feeds that use self-signed certificates
+## Adding feeds that use self-signed certificates
 If you want to add a feed that uses a self-signed certificate that is not signed by a trusted CA the request will fail with "SSL certificate is invalid". A common solution is to turn off the certificate verification **which is wrong** and **makes your installation vulnerable to MITM attacks**. Therefore **turning off certificate verification is not supported**.
 
 
@@ -82,13 +82,13 @@ If you have control over the feed in question, consider signing your certificate
 
 If you do not have control over the chosen feed, you should [download the certificate from the feed's website](http://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file) and [add it to your server's trusted certificates](http://www.onlinesmartketer.com/2009/06/23/curl-adding-installing-trusting-new-self-signed-certificate/). The exact procedure however may vary depending on your distribution.
 
-### Is There An Subscription URL To Easily Subscribe To Feeds
+## Is There An Subscription URL To Easily Subscribe To Feeds
 
 By appending **?subscribe_to=SOME_URL** to your News app URL, you can launch the News app with a pre-filled URL, e.g.:
 
     https://yourdomain.com/nextcloud/index.php/apps/news?subscribe_to=https://github.com/nextcloud/news/releases
 
-### Database table grows too big
+## Database table grows too big
 
 By default, Nextcloud News purges old news items above a certain threshold each time it fetches new news items. The maximum number of items per feed
 that should be kept during the purging can be defined through the “Maximum read count per feed” setting in the admin UI or the `autoPurgeCount`
-- 
cgit v1.2.3

