Release v0.51.544 — Release TC (opt-in: render markdown in your own messages)
Ships #3933 (rodboev). Maintainer-approved concept (opt-in, default-off). Deep-gated for the two properties that matter: inert-when-off and XSS-safe-when-on.
Added
- Optional setting to render markdown in your own sent messages (#3870). By default, user message bubbles show typed markdown as-is (
**bold**,- lists,[links](url)stay literal — code fences and math already render). A new Settings → Conversation → "Render markdown in user messages" toggle (default OFF) routes user text through the samerenderMd()sanitizer assistant messages use, so your own markdown renders too. Fully opt-in and self-contained. Thanks @rodboev.
Gate
- Full pytest suite: 9837 passed, 0 failed
- Codex: SAFE TO SHIP — default/off path is byte-identical to master (verified at all 3 sites); ON reuses the existing allowlist sanitizer that rejects
javascript:/data:/vbscript:URLs - Opus: SAFE — SHIP — adversarially drove the real
renderMdwith XSS payloads (all blocked); both render cache layers correctly invalidated on toggle; meets the "zero chance it breaks anyone who doesn't opt in" bar - Visual: before/after confirmed — OFF shows raw
**markdown**, ON renders bold/list/link cleanly
Closes #3870.