# HG changeset patch # User Chris Eldredge # Date 1344879199 -3600 # Node ID 737c9dda302a667383cf0dec0e22a917878fd3c9 # Parent 8659ef2c4757c892fe48f194c46c2f6d18f8cebd Update readme. diff -r 8659ef2c4757 -r 737c9dda302a ReadMe.markdown --- a/ReadMe.markdown Mon Aug 13 18:33:12 2012 +0100 +++ b/ReadMe.markdown Mon Aug 13 18:33:19 2012 +0100 @@ -2,12 +2,14 @@ ============================ Similar to GitHub, this module looks for a file named ReadMe.md or -ReadMe.markdown (case insensitive) in the "default" revision. +ReadMe.markdown (case insensitive). A custom theme is provided that displays the formatted contents on the summary (index) view. -In addition to showing formatted information on the summary view, this module enables any -other markdown content to be rendered using the url pattern `/repo/markdown/changeid/WikiPage.md`. +In addition to showing formatted information on the summary view, this module replaces +the default `file` view for `.md` or `.markdown` files, enabling you to use the +[WikiLinks](http://packages.python.org/Markdown/extensions/wikilinks.html) extension +to support documentation split across several pages. ##Install## @@ -20,6 +22,7 @@ [web] templates = /example/hgext.markdown style = markdown + markdown.changeid = tip #optional; 'tip' is default value. [extensions] hgext.markdown=/example/hgext.markdown @@ -33,6 +36,10 @@ ##Preview## -You can preview changes before committing them by browsing to `/repo/markdown/_preview/ReadMe.markdown`. -The `_preview` keyword makes this extension look for content in the working copy. +You can preview changes in your working copy before committing them by browsing to e.g. `http://localhost:8000/preview/ReadMe.markdown`. + +##Security## +This extension enables users with commit/push access to hgweb to create arbitrary html content that may be browsed by other users. +At this time no attempt has been made to detect or prevent attacks such as cross-site scripting (xss) and other types of attacks. +In general this extension should only be used if you trust all users with push access.