This is a plugin for Obsidian (https://obsidian.md). Can open document with .html and .htm file extensions.
This is a plugin for Obsidian (https://obsidian.md). Can open document with .html
and .htm
file extensions.
Browse
button to open Community plugins browsing dialog.Install
button to install this plugin.Enable
button to enable this plugin.main.js
and manifest.json
files from Releases list to your vault <path>/<to>/<vaultFolder>/.obsidian/plugins/obsidian-html-plugin/
.Set Operating Mode for this plugin to protect user and app.
Images | Styles | Scripting | DSD* | CSP# | HTML Sanitization | Isolated | |
---|---|---|---|---|---|---|---|
Text Mode | No | No | No | Yes | Yes | Yes | Yes |
High Restricted Mode | Yes[1] | Partial | No | Yes | Yes | Yes | Yes |
Balance Mode | Yes | Yes | No | Yes | Yes | Yes | Yes |
Low Restricted Mode | Yes | Yes | Partial[2] | Yes | No | No | Yes |
Unrestricted Mode | Yes | Yes | Yes[3] | Yes | No | No | Yes |
*: Declarative Shadow DOM
#: Content Security Policy
[1]: The external image sources would be blocked by CSP.
[2]: The script codes inside <script>
and external script files are still not executable.
[3]: The external script files may not executable due to Obsidian's limitation.
Text Mode - Highly recommended for the files came from untrusted source! This mode almost sanitized all visual effects, script codes, and styles out. eanwhile, it keeps text parts for reading the content of HTML files with HTML layout elements.
High Restricted Mode - This mode recommended for the user who wants more security. It would keep custom elements but sanitize unsafe HTML elements out, as well as unsafe attributes and their contents. The external image sources would be blocked by CSP, and the images are only available from the HTML files themselves.
Balance Mode - This mode is the default mode for this plugin. It would keep all custom elements and HTML elements, but sanitize unsafe attributes and their contents out.
Low Restricted Mode - This mode would not sanitize anything, all elements and their content would be keeped. The script codes inside <script>
still not executable, nor the external script files.
Unrestricted Mode - This mode is very dangerous and may cause the Obsidian app crash, THE OBSIDIAN AND THIS PLUGIN CANNOT ASSUME RESPONSIBILITY OR LIABILITY FOR SWITCHING TO THIS MODE . It would not sanitize anything, all elements and their content would be keeped. The Obsidian app itself might adjust something. The external script files may not executable due to Obsidian's limitation. Strongly recommended not switching to this mode for normal usage.
If you encounter troubles after switch to this mode, it is recommended to take these recovery steps:
Sometimes you still cannot see what you want, then you should check the content of HTML file. This mode is just leave the content alone (only adjust the external link anchor tags to let them open in default browser windows), but the file might has some self-contained security protection facilities (such as CSP) and they would block something to avoid XSS attacks. If you find something like <meta http-equiv="Content-Security-Policy" />
inside the HTML file, it means the file is protected by CSP mechanism. You might
<meta>
tag by hands.This section would try to explain some terms used by Operating Mode more detail. You can ignore some terms without bold font face (they are technical terms).
'self'
setting is almost meaningless for Obsidian.:target
pseudo-class event would never be fired. You can get more details from the CSS Isolation wiki page.<xxx-yyy>
and they are often incorporated with related javascript codes. Therefore, when the scripting is disallowed, the custom HTML tags are almost useless and would act as pure containers.Set HTML
element background color forcely.Open HTML format files with user defined file extensions (list of comma separated strings). Change this setting may cause other plugins un-workable, so you shall know very clearly what you are doing. Remember to relaunch the Obsidian app after change this setting!
Almost all keyboard hotkeys are taken from Obsidian's global hotkey settings, so you shall modify them via ⚙"Settings" ⇨ "Hotkeys" options page.
That means this plugin does not design any new configuration interface for keyboard hotkeys. And it just show the first two settings of corresponding hotkeys with readonly mode.
Search current file.
Zoom in current file.
Zoom out current file.
Reset current file zoom.
Zoom the document using Ctrl + Wheel (zoom in: ↑, zoom out: ↓), or using the trackpad/touch screen/touch panel two-finger pinch-zoom gesture (zoom in: ← →, zoom out: → ←).
After opening HTML files, the three dots ⋮ "more options" menu icon on right-upper corner of tab would be added some menu items.
Open search bar.
Zoom in current file.
Zoom out current file.
Reset current file zoom.
npm i
to install necessary packages.(You need Node.js installed on your development environment)npm run dev
would build the plugin files.Cannot see local image files like <img src="./image1.jpg" />
or <img src="file:///C:/image1.jpg" />
app://local/
or app://local//
prefix string to src
attribute by hands(refer to "Allow embed of Local images using ![](file:///...)
").After some .html files were opened, they look like blank pages and cannot see original contents.
.html
and .htm
file extensions" is the description written for end-users without technical background. It doesn't mean this plugin can open all kinds of files with .html or .htm file extensions, especially when the file actually is other document type but renamed to .html or .htm file extension.Some HTML elements disappeared
Almost all script codes cannot work
<script>
in the HTML file would be blocked, and the external script files are the same.<... onload="alert(1)">
would be removed.Cannot zoom in or out by mouse wheel on mobile platforms
The zoom related hotkey settings are disappeared on mobile platforms
The presentation style of search results is different with Markdown documents