Closed ggrossetie closed 4 years ago
"unsafe" is the default when running Asciidoctor CLI from the command line. As in documentation-as-code environments developers would check out a repository and then build the docs locally, it is safe to assume that the "unsafe" mode from the command line is the right default.
Having said that the user should be able to configure this in the settings of the plugin.
I agree the default value should be "unsafe" but you might want to configure it to "safe" if you are suspicious about a repository or a file.
Thanks to @bit-man to provide an implementation for this feature! The user can now configure it in the plugin's settings. This is now merged into the master and will be part of the next release.
To close this issue, I think this needs a little bit of information what "Safe Mode" is about and what the different options are. Each enum item could receive a little bit more text to explain the option. A label like we have it for "URL of custom Kroki instance" would do explaining the default, and where to get more information. Like the label for Kroki it can link to a web site (Asciidoctor or the plugin's Wiki page) where the user finds more information).
A short snippet in FEATURES.adoc that summarizes all functionality available in the plugin would be nice as well.
Here a screenshot of the current settings menu:
Thank you for @bit-man to provide additional hints for the settings, this issue is now complete.
@ahus1 I've also added a tooltip explaining about Safe mode when mouse is over Safe mode label
A new pre-release 0.30.10 of this plugin includes this feature. The preview is available from GitHub releases and the IntelliJ AsciiDoc EAP repository.
I think we should allow the user to configure the safe mode: https://asciidoctor.org/docs/user-manual/#running-asciidoctor-securely
Currently the value is unsafe according to the value printed when using the attribute
{safe-mode-name}
in a document.AsciiDoc Plugin Version: 0.30.7