v0.17.0 - Allow Dangerous HTML

This release adds support for rendering raw HTML elements in Markdown through the new allow_dangerous_html configuration option.

What's New

Allow Dangerous HTML Configuration

vss now supports the allow_dangerous_html option in the Markdown rendering configuration. This allows you to include raw HTML in your Markdown files that will be rendered as-is.

Configuration

Add the following to your vss.toml:

[build.markdown]
allow_dangerous_html = true

By default, this is set to false for security reasons.

Security Warning

⚠️ Important: Enabling allow_dangerous_html = true allows HTML comments and raw HTML elements to be processed. This can potentially create security vulnerabilities if you:

• Accept user-generated content
• Process untrusted Markdown files
• Allow third-party contributions without review

Only enable this option if you control all Markdown content and understand the security implications.

Use Cases

With allow_dangerous_html = true, you can:

• Use HTML comments in your Markdown:

  <!-- This comment will be preserved -->
  

• Include custom HTML elements:

  <details>
    <summary>Click to expand</summary>
    Content here
  </details>
  

• Embed scripts or other HTML:

  <div class="custom-component">
    Custom content
  </div>
  

Implementation Details

This option controls the allow_dangerous_html setting in the underlying markdown-rs parser that vss uses for rendering.

Further Reading

For more information about the security implications and technical details, see:

• markdown-rs Security Documentation

For more information, see the CHANGELOG.