v0.105.0
The sanitize_preview option for the Markdown widget is now set to true by default in Sveltia CMS. This follows a report of an XSS vulnerability in Decap CMS.
The discovered vulnerability itself does not affect Sveltia CMS, as our entry preview implementation is completely different. However, the Markdown widget was potentially vulnerable to XSS attacks because the sanitize_preview option was set to false by default for compatibility with Netlify/Decap CMS. This behaviour is documented and is not a bug, but it’s definitely not secure. In this release, we changed the default value to true, assuming that most users would prefer security over compatibility.
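As an added example (not part of this release note or of the Sveltia CMS project files), a config.yml collection fragment in the Decap-compatible syntax that sets sanitize_preview explicitly on a Markdown field, so the preview is sanitized regardless of which version's default applies; the collection, folder and field names are made up.

```yaml
collections:
  - name: posts            # assumed collection name
    label: Posts
    folder: content/posts  # assumed content folder
    create: true
    fields:
      - { name: title, label: Title, widget: string }
      # Weak setting: opts out of sanitization for Netlify/Decap compatibility.
      # Raw HTML in the body is rendered into the preview pane unsanitized.
      # - { name: body, label: Body, widget: markdown, sanitize_preview: false }
      # Corrected setting: pin sanitization on explicitly, so the preview stays
      # sanitized even on releases before v0.105.0 where the default was false.
      - { name: body, label: Body, widget: markdown, sanitize_preview: true }
```

Stating the option explicitly makes the intent reviewable in the config and avoids relying on a default that differs between CMS implementations.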
Full Changelog: v0.104.3...v0.105.0
Follow us on Bluesky!