How do I use raw HTML (and get it to preview)?

I just got SilverBullet running and I’ve been stuck on something pretty simple for a while.

I want to make an ordered list that starts at zero, instead of one. To my knowledge the only way to do this would be to write it in HTML.

However, SilverBullet doesn’t seem to want to render HTML. Is there some way of doing this? Maybe a renderer I’m unaware of? I’ve scoured the docs but haven’t really seen any examples. The only thing I’ve seen that might work would be a space-script but that seems like overkill.

This is not currently possible without either using Space Lua or Space Script. Neither is a great solution. There’s this issue, “Support Live Preview for HTML tags” (Issue #702, silverbulletmd/silverbullet on GitHub), that would enable embedding plain HTML and rendering it as you ask.

One reason I’ve been holding back on implementing this is the bigger question of a reasonable approach to security.

Markdown is relatively safe. You don’t have to worry that opening a markdown file can do damage and run random scripts. When we allow embedding plain HTML there are more ways to do that. This means that if you open pages from untrusted sources, you could be in trouble.

Is that ok?

You could argue: well I’m self hosting SilverBullet, the content is coming from me, and I can be trusted so YOLO. Is that reasonable?

To some degree yes. But we also have Libraries and I’d like to do more with them. The pattern may become that people fetch SilverBullet libraries from various sources without scrutinizing them too much. Those libraries may contain random scripts, or random HTML code that is malicious. Is that ok?

The easy solution is to simply say yes: this is your responsibility. Power over pure safety.

I’d be interested in other people’s ideas on this topic.

Yeah, I thought on it for a bit, and this is pretty much my stance, at least for my current use case. I’m expecting to vet any third party content before running it.

I wouldn’t mind if the functionality was gated behind enabling something in the config. Maybe a whitelist of HTML elements? Maybe an ENABLE_UNSAFE_FEATURES flag? If the Library author tells you you need to enable that flag, at least that’s a clear indicator that you should look at their code first.

On this topic: On Security
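
The element allowlist and opt-in flag suggested in the thread, sketched as an added example that is not part of any post and not SilverBullet code. The names `ALLOWED`, `renderEmbeddedHtml` and `enableHtml` are assumptions made for illustration; the design escapes everything by default and re-emits only tags whose name, attributes and attribute values all pass validation.

```javascript
// Added example. ALLOWED, renderEmbeddedHtml and enableHtml are hypothetical
// names for illustration; none of them is a SilverBullet API or setting.
const NUM = /^-?\d{1,6}$/; // values matching this need no escaping on output

// Tag allowlist, and per tag an attribute allowlist with a value validator.
// Maps (not plain objects) so "constructor" or "__proto__" never resolve.
const ALLOWED = new Map([
  ["ol", new Map([["start", NUM]])],
  ["li", new Map([["value", NUM]])],
  ["ul", new Map()], ["em", new Map()], ["strong", new Map()], ["code", new Map()],
]);

const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => ENTITIES[c]);

// Only this strict shape is considered a tag: a name plus double-quoted attributes.
const TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[a-zA-Z-]+="[^"<>]*")*)\s*>/g;
const ATTR = /\s+([a-zA-Z-]+)="([^"<>]*)"/g;

// Re-emit a tag from its validated parts, or return null to have it escaped.
function rebuildTag(closing, name, attrText) {
  const rules = ALLOWED.get(name.toLowerCase());
  if (!rules) return null;
  if (closing) return attrText ? null : `</${name.toLowerCase()}>`;
  let out = `<${name.toLowerCase()}`;
  for (const [, attr, value] of attrText.matchAll(ATTR)) {
    const check = rules.get(attr.toLowerCase());
    if (!check || !check.test(value)) return null; // unknown attribute or bad value
    out += ` ${attr.toLowerCase()}="${value}"`;
  }
  return out + ">";
}

function renderEmbeddedHtml(source, config = {}) {
  // Opt-in gate: with the flag off, all markup is displayed as literal text.
  if (!config.enableHtml) return escapeHtml(source);
  let out = "";
  let last = 0;
  for (const m of source.matchAll(TAG)) {
    out += escapeHtml(source.slice(last, m.index));
    out += rebuildTag(m[1], m[2], m[3]) ?? escapeHtml(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(source.slice(last));
}
```

A single disallowed attribute causes the whole tag to be shown as text rather than silently stripped, which makes rejected markup visible to whoever is reviewing a page or library. The sketch does not balance or nest-check tags.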