From 843c1a5c2fe5ddffd0e1208e8b7ca12c4de342d7 Mon Sep 17 00:00:00 2001
From: ildyria
Date: Tue, 26 May 2026 21:33:56 +0200
Subject: [PATCH] Update Markdown configuration to a more secure practice

---
 config/markdown.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/config/markdown.php b/config/markdown.php
index 26db0f20c31..32a53b559f2 100644
--- a/config/markdown.php
+++ b/config/markdown.php
@@ -116,11 +116,12 @@
 |
 | This option specifies whether to allow risky image URLs and links.
 |
- | Default: true
+ | Default: false
 |
+ | See: https://commonmark.thephpleague.com/2.x/security/#unsafe-links
 */

- 'allow_unsafe_links' => true,
+ 'allow_unsafe_links' => false,

 /*
 |--------------------------------------------------------------------------
@@ -131,9 +132,10 @@
 |
 | Default: PHP_INT_MAX
 |
+ | Very unlikely we need more than 10.
 */

- 'max_nesting_level' => PHP_INT_MAX,
+ 'max_nesting_level' => 10,

 /*
 |--------------------------------------------------------------------------
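Review bot: The rewritten comment line `| Default: false` in the first hunk no longer matches how this file uses its `Default:` lines, which appear to record the library's own default (the second hunk keeps `Default: PHP_INT_MAX` while setting 10), and league/commonmark's default for this option is true. I would keep `| Default: true` and add a line such as `| Set to false here so javascript:, vbscript:, file: and non-image data: URLs are not rendered.` Separately, this option only filters link and image URL schemes. Raw HTML embedded in Markdown is governed by `html_input`, which is outside this hunk, so confirm it is `escape` or `strip` wherever untrusted users can author Markdown. The linked security page covers both settings.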
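Review bot: The added comment `| Very unlikely we need more than 10.` in the second hunk does not say why the limit exists, so a later maintainer may raise it back without knowing it is a hardening measure. Something like `| Capped at 10 to bound parse time and recursion depth on deeply nested input.` would record the intent. The limit applies to nested block structures such as lists and blockquotes, so a regression test that renders a document nested deeper than 10 would confirm the output degrades acceptably for legitimate content. The surrounding config array starts and ends outside the hunk.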