django.contrib.markup question

Rodney Topor

Aug 23, 2011, 4:45:02 AM
to Django users
Um, Markdown is supposed to allow users to enter marked-up text
safely, isn't it? But the output of the markdown filter is assumed to
be safe. Writing {{ input_text|escape|markdown }} in a template
doesn't appear to escape raw HTML in the input text before the
markdown filter is applied. So how can one use markdown safely?

Rodney

Rodney Topor

Aug 23, 2011, 11:22:10 PM
to Django users
OK. I found the answer to my own question. Page 128 of Practical
Django Projects, 2nd Edition, by James Bennett gives the solution.
Write the following:

{{ input_text|markdown:"safe" }}

Note there must be no space between the colon and the quote, despite
what is in the book. Note also that this solution is not provided in
the documentation of the markup package, which simply says "read the
source code for more details". Sheesh!

Rodney
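
Why escape|markdown leaves raw HTML intact while markdown:"safe" does not, as an added example that is not part of the original posts and is not Django's own code: a stdlib-only model of the Django 1.x escaping markers. The class and function names mirror Django's, toy_markdown is a constructed stand-in for the Markdown library, and modelling safe mode as escaping is an assumption.

```python
# Stand-alone model (an assumption, not Django source) of Django 1.x escaping.
import html
import re


class SafeData(str):
    """Already safe: the renderer outputs it without escaping."""


class EscapeData(str):
    """Tagged 'escape when finally output'; nothing is escaped yet."""


def escape_filter(value):
    # Like |escape in Django 1.x: only tags the value for later escaping.
    return EscapeData(value)


def toy_markdown(text, safe_mode=False):
    # Constructed stand-in for the Markdown library: renders **bold** only and
    # passes raw HTML through. Safe mode is modelled as escaping (assumption).
    if safe_mode:
        text = html.escape(text)
    body = re.sub(r"\*\*(.+?)\*\*", r"<strong>\1</strong>", text)
    return "<p>" + body + "</p>"


def markdown_filter(value, arg=""):
    # Like the markup filter: the renderer returns a brand-new string, so the
    # EscapeData tag on the input is lost, and the result is marked safe.
    return SafeData(toy_markdown(str(value), safe_mode=(arg == "safe")))


def render(value):
    # Output step of {{ ... }} with autoescape on.
    if isinstance(value, EscapeData) or not isinstance(value, SafeData):
        return html.escape(value)
    return str(value)


def compare(text):
    via_escape = render(markdown_filter(escape_filter(text)))  # escape|markdown
    via_safe = render(markdown_filter(text, "safe"))            # markdown:"safe"
    return via_escape, via_safe


user_input = "**hi** <script>alert(1)</script>"  # constructed sample input
for label, out in zip(("escape|markdown", 'markdown:"safe"'), compare(user_input)):
    print(label, "->", out)
```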