We are reviewing Hugo themes, in particular Netlify-CMS compatible themes.
With this CMS, we would like to open publication:
- to users with no technical skills (i.e. pasting random content in the CMS)
- to users we don’t trust (i.e. potentially trying to exploit the platform)
No moderation will take place, the content goes straight from the CMS to some live & public HTML.
Question #1: Do you have general advice about this use case?
(let’s first consider that
unsafe is set to
Some appealing themes are shipping Netlify-CMS / Forestry and use the following setting in
```toml
[markup.goldmark.renderer]
  unsafe = true
```
Question #2: How to scope the risks induced by this setup? Is the content absolutely unfiltered in such a situation?
Question #3: Can you think of a way to properly filter the content submitted via a CMS?