Markdown

The markdown configurable defines what can be rendered in Markdown by Swarm for project overview pages and files stored in the Helix Core Server. By default, markdown is set to safe, Markdown text is displayed, but Markdown support is limited to prevent execution of raw HTML and JavaScript content.

Tip
  • Valid Markdown file extensions are: md, markdown, mdown, mkdn, mkd, mdwn, mdtxt, mdtext.

  • By default, project overview pages are displayed when there is a README Markdown file in the project mainline. This can be disabled by your Swarm administrator, see Project readme.
Tip

If you make a configuration change, Swarm will not use it until the configuration cache has been reloaded, this forces Swarm to use the new configuration. You must be an admin or super user to reload the Swarm config cache. Navigate to the User id dropdown menu, select System Information, click the Cache Info tab, and click the Reload Configuration button.

Add or update the following configuration block to the SWARM_ROOT/data/config.php file, at the same level as the p4 entry:

<?php
    // this block should be a peer of 'p4'
    'markdown' => array(
        'markdown' => 'safe', // default is 'safe'
    ),
  • safe: Markdown content is displayed, but Markdown support is limited to prevent execution of raw HTML and JavaScript content. This is the default.
  • unsafe: Markdown support is unrestricted, allowing full HTML and JavaScript to be used. This is insecure as any person with access to Swarm can add script to the Markdown which would execute as the currently logged in user.
  • disabled: Markdown text is not rendered and is only displayed as plain text. This is the most secure setting.
Note

Markdown content is displayed in comments and review descriptions, but Markdown support is limited to prevent execution of raw HTML and JavaScript content. This is the equivalent of safe mode and cannot be changed.