I’d like to propose that the spec include a standard keyname for each of the features, so that implementations can use those standard names and implement feature whitelists/blacklists.
For example, 6.6 Images would have the keyname “images”, 6.8 Raw HTML would be “raw_html” etc.
The reason this is useful is that the implementations could all implement a whitelist and blacklist functionality, so that developers could then explicitly define which features they want to include in their application’s use of markdown.
As it is now, implementations often implement a “safe mode” which disables features like raw HTML, but this safe mode can be defined differently in different implementations. If someone wants to implement a messaging system using Markdown, where messages are in “safe mode” with multiple clients, right now it is hard to define what safe mode is, and it is not implemented in a standardized way.
Further, and I know a related issue was discussed in (Make CommonMark safe by default?), I’d also propose that the Markdown spec include standard definitions of three modes: “trusting” (the current spec, with all features enabled), “cautious” (defined as blacklisting the raw_html feature), and “paranoid” (defined as whitelisting all the features EXCEPT raw_html, images, and anything else that would auto-include external content).
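
A sketch of how an implementation could resolve the three proposed modes plus per-application whitelist/blacklist overrides, as an added example that is not part of the original post or of any CommonMark implementation. Only `images` and `raw_html` are keynames from the post; the other keynames, the `(keyname, payload)` node format, and the `resolve_features`/`render` helpers are hypothetical.

```python
import html

# Keyname -> True if rendering the feature can auto-include external content.
# Only "images" and "raw_html" come from the post; the rest are hypothetical.
FEATURES = {
    "emphasis": False, "links": False, "code_spans": False,
    "images": True, "raw_html": True,
}

# Constructed sample: output of a hypothetical parser as (keyname, payload) nodes.
SAMPLE = [("text", "hi "), ("emphasis", "there"),
          ("images", "https://example.test/p.png"),
          ("raw_html", "<script>x</script>")]

def resolve_features(mode="trusting", allow=None, deny=None):
    """Return the frozenset of enabled keynames for a mode plus overrides."""
    allow, deny = set(allow or ()), set(deny or ())
    unknown = (allow | deny) - set(FEATURES)
    if unknown:
        # Fail closed: a typo in a policy must not silently change what renders.
        raise ValueError(f"unknown feature keyname(s): {sorted(unknown)}")
    if mode == "trusting":
        enabled = set(FEATURES)
    elif mode == "cautious":
        enabled = set(FEATURES) - {"raw_html"}
    elif mode == "paranoid":
        enabled = {k for k, external in FEATURES.items() if not external}
    else:
        raise ValueError(f"unknown mode: {mode!r}")
    # Deny wins over allow, so a blacklist entry can never be overridden.
    return frozenset((enabled | allow) - deny)

def render(nodes, enabled):
    """Render nodes to HTML; disabled features degrade to escaped plain text."""
    out = []
    for keyname, payload in nodes:
        if keyname == "text" or keyname not in enabled:
            out.append(html.escape(payload))
        elif keyname == "raw_html":
            out.append(payload)  # passed through verbatim only when enabled
        elif keyname == "images":
            out.append(f'<img src="{html.escape(payload)}">')
        elif keyname == "emphasis":
            out.append(f"<em>{html.escape(payload)}</em>")
        else:
            out.append(html.escape(payload))
    return "".join(out)

if __name__ == "__main__":
    for mode in ("trusting", "cautious", "paranoid"):
        print(mode, "->", render(SAMPLE, resolve_features(mode)))
```

Because every client resolves the same keynames the same way, two clients given the policy "paranoid" produce the same output for the same message.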