This project is not covered by Drupal’s security advisory policy.

Security: This module is considered insecure by Drupal security team and all of it's releases have been unpublished. You are strongly encouraged to disable the module on your site.

For live preview functionality for nodes and comments, use the Live module, which properly escapes the user entered data using the content's current input format. See instructions below on how to replace Markdown Preview with the secure Live module.

How to get secure, live Markdown preview functionality:

  1. If you are currently using the Markdown Preview module, make sure to disable, uninstall, and remove the module entirely from your server.
  2. Download the latest Live and Markdown filter modules to your server's sites/all/modules folder and enable them via your site's modules page at admin/build/modules.
  3. Set up a new input format or add Markdown support to an existing format at admin/settings/filters. For best security, ensure that the HTML filter is after the Markdown filter on the "Reorder" page of the input format and that only markup you would like to allow in via HTML and/or Markdown is configured to be allowed via the HTML filter.
  4. Assign the appropriate live preview permissions to the desired user roles on admin/user/permissions#module-live:
    • The 'use live comment preview' permission for users that can preview their own comments.
    • The 'use live node comment preview' permission is for users that can preview their own nodes/content.
  5. For live node previews, you will also need select the content types that you want to enable for live preview. To do this, go the the Live module's settings at admin/settings/live (view screenshot). You should not need to adjust any other settings.
  6. Congratulations! You should now have live previews enabled! Note that the live previews will respect whatever comment or node input format is enabled or selected by the user.

Project information