RichTextField escaping

50 views
Skip to first unread message

Ahmad Khayyat

unread,
Jun 15, 2013, 1:53:51 PM6/15/13
to mezzani...@googlegroups.com
In mezzanine-pagedown, we are having an issue with Markdown's blockquote syntax (> quoted text) and Mezzanine's RichTextField escaping.

The default filter level causes the '>' to become '>' on save. So, the markdown filter never sees the '>'.
RICHTEXT_FILTER_LEVEL = 3 (None) fixes the issue, but may be somewhat permissive, given that HTML markup is valid Markdown markup.

Any ideas on how to fix this cleanly?

Stephen McDonald

unread,
Jun 15, 2013, 7:43:41 PM6/15/13
to mezzani...@googlegroups.com
Perhaps set the filter level to none, and perform filtering when it's rendered.

--
You received this message because you are subscribed to the Google Groups "Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-use...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 



--
Stephen McDonald
http://jupo.org

Ahmad Khayyat

unread,
Jun 15, 2013, 9:50:13 PM6/15/13
to mezzani...@googlegroups.com, st...@jupo.org
On Saturday, June 15, 2013 7:43:41 PM UTC-4, Stephen McDonald wrote:
 
Perhaps set the filter level to none, and perform filtering when it's rendered.

Yes, given that the output of the markdown filter is pure HTML, it makes sense to clean after the markdown filter, not before it.

However, this reverses the Mezzanine flow. Mezzanine cleans first in the RichTextField itself, then runs the rendering filter (e.g. markdown) in the template.
So, to implement this, I'd need to disable Mezzanine's cleaning (by setting RICHTEXT_FILTER_LEVEL to 3/None), and provide my own clean filter to use it in the template.

The worse side effect of this approach, IMO, is that switching between tinymce and pagedown would not be transparent anymore. To switch to pagedown, you must:

  1. Disable RichText filtering (LEVEL = 3)
  2. Change your templates from: page.richtextpage.content|richtext_filter|safe
    to page.richtextpage.content|richtext_filter|clean|safe

(clean can be called by richtext_filter, but the following problem still applies)

Another problem with calling a clean filter is that it cannot use the RICHTEXT_FILTER_LEVEL setting, because it must be set to None! So the filter level configurability is lost. Even worse, if a safe clean is used by default, it will drive the user crazy trying to figure out why things are stripped out despite setting the filter level to None!


A completely different solution is to keep things as they are, and reverse the effect of the wrongful escape afterwards, by replacing > occurrences that should produce blockquotes with > back.

Not sure where to go from here..


Josh Cartmell

unread,
Jun 17, 2013, 12:02:26 AM6/17/13
to mezzani...@googlegroups.com
Hey Ahmad you could set up a custom richtext_filter that first converted markdown to html and then cleaned, that way the template code wouldn't have to change at all.



Ahmad Khayyat

unread,
Jun 17, 2013, 12:16:42 AM6/17/13
to mezzani...@googlegroups.com
On Mon, Jun 17, 2013 at 12:02 AM, Josh Cartmell <joshc...@gmail.com> wrote:
Hey Ahmad you could set up a custom richtext_filter that first converted markdown to html and then cleaned, that way the template code wouldn't have to change at all.

Yes, this appears to be the sanest way to deal with this. However, it does not address the problem below.

(clean can be called by richtext_filter, but the following problem still applies)

Another problem with calling a clean filter is that it cannot use the RICHTEXT_FILTER_LEVEL setting, because it must be set to None! So the filter level configurability is lost. Even worse, if a safe clean is used by default, it will drive the user crazy trying to figure out why things are stripped out despite setting the filter level to None!

My current thinking is to introduce a new option of my own, perhaps PAGEDOWN_FILTER_LEVEL, for use with the pagedown editor.
Reply all
Reply to author
Forward
0 new messages