Markdown file upload fails due to HTML code block

The CMS Questions
1

I’m working on a small website to host user manuals for my clients. To streamline the process, I’m using Kirby alongside a PHP Markdown parser so that I can simply upload an MD file of the manual and convert it into a static web page.

However, I encountered an unexpected file upload error whereby an.md file containing a code block with a <style> or <script> tag is flagged as an HTML file during the upload process. Funnily enough, other HTML tags can still be uploaded.

This can be uploaded without any issue:

```
<div>
  <h1>…</h1>
</div>
```

But this can’t:

```
<style>
…
</style>
```

or 

```
<script>
…
</script>
```

Screenshot 2026-04-07 at 1.06.47 PM
Screenshot 2026-04-07 at 1.06.47 PM1464×614 23.3 KB

While I understand why HTML files aren’t allowed, preventing a Markdown file from being uploaded just because one of its code blocks contains an arbitrary tag seems a bit extreme.

I would be interested to know if there is a good reason for this safety measure and if there is a workaround for my specific use case.

For now, I have opted to create the file and its .txt counterpart manually in the content folder. This works, but is rather inconvenient.

Thank you in advance for your insights,
Noé Gogniat

2

Why not just use a Textarea field which is able to accept Markdwn and just paste the content from your markdown file into it?

3

Silly me, that would make way more sense.

Still, out of curiosity, are there any good reasons for this safety measure?

4

Two things combining here:

  1. Kirby looks looks at file contents, not the extension. <style> and <script> tags cause it to detect text/html even inside markdown code fences.

  2. Kirby hardcodes a block on text/html in FileRules::validMime() as XSS protection. This can’t be bypassed with accept: true.