diff core/markup.py @ 849:ff645a692791

For issue #79, use bleach to sanitize both user input markdown & html.
author Brian Neal <bgneal@gmail.com>
date Thu, 30 Oct 2014 19:30:37 -0500
parents 32ebe22f0cad
children 98d2388b6bb2
--- a/core/markup.py	Tue Oct 28 19:33:14 2014 -0500
+++ b/core/markup.py	Thu Oct 30 19:30:37 2014 -0500
@@ -8,22 +8,23 @@
 from smiley import SmilifyMarkdown
 from core.mdexts.urlize import UrlizeExtension
 from core.mdexts.deleted import DelExtension
+from core.html import clean_html
+
 
 class Markdown(object):
     """
     This is a thin wrapper around the Markdown class.
 
     """
-    def __init__(self, safe_mode='escape'):
-        self.md = _markdown.Markdown(safe_mode=safe_mode,
-                                     extensions=[
+    def __init__(self):
+        self.md = _markdown.Markdown(extensions=[
                                          UrlizeExtension(),
                                          'markdown.extensions.nl2br',
                                          DelExtension(),
                                      ])
 
     def convert(self, s):
-        return self.md.convert(force_unicode(s))
+        return clean_html(self.md.convert(force_unicode(s)))
 
 
 def markdown(s):
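Review bot: convert() on the new side now relies entirely on clean_html for output safety, because dropping safe_mode='escape' from __init__ means raw HTML in the input reaches the cleaner un-escaped; the allowlist in core.html is not visible in this hunk, so it should be confirmed to drop script and event-handler attributes and to restrict the protocols allowed in href/src, and a regression test asserting that such a fragment is removed from convert()'s output would pin that. Removing the safe_mode parameter also breaks any caller that still passes Markdown(safe_mode=...); if such callers exist (not visible here), either accept and ignore the keyword or update them in the same commit. A docstring on convert would make the new contract explicit: `"""Render *s* as HTML; the result is passed through clean_html, which is now the only sanitization step."""`. The body of markdown() at the end of the hunk continues outside it.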