9
Using Muwu Securely
Muwu is designed to work only within the current working directory. Muwu allows only word characters ([a-zA-Z0-9_]) in filenames. Muwu sanitizes values that originate from metadata.yml.
Muwu allows raw HTML in markdown files by default. Some HTML elements can circumvent the security of the compiled HTML documents, including, but not limited to:
<embed><iframe><script>- any element with inline Javascript event handling
If you want exclude any raw HTML from the source text, set the option markdown_allows_raw_html to false. (Note that this will cause incompatibility with inline and fenced code blocks, because the compiled project would display escaped HTML sequences instead of the characters they represent.)
10
Contributing to Muwu
If you find Muwu useful, we would love to hear from you! However, Muwu is not yet formally accepting contributions. If development were to become open, contributors would be expected to abide by a Code of Conduct, a possible example being the Contributor Covenant.