Sybren A. Stüvel
ea2be0f13d
- Comments are stored in HTML as well as Markdown, so that conversion only happens when saving (rather than when viewing). - Added 'markdown' Jinja filter for easy development. This is quite a heavy filter, so it shouldn't be used (much) in production. - Added CLI command to update schemas on existing node types.
45 lines
918 B
Python
45 lines
918 B
Python
"""Bleached Markdown functionality.
|
|
|
|
This is for user-generated stuff, like comments.
|
|
"""
|
|
|
|
from __future__ import absolute_import
|
|
|
|
import bleach
|
|
import markdown as _markdown
|
|
|
|
ALLOWED_TAGS = [
|
|
'a',
|
|
'abbr',
|
|
'acronym',
|
|
'b', 'strong',
|
|
'i', 'em',
|
|
'blockquote',
|
|
'code',
|
|
'li', 'ol', 'ul',
|
|
'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
|
|
'p',
|
|
'img',
|
|
]
|
|
|
|
ALLOWED_ATTRIBUTES = {
|
|
'a': ['href', 'title', 'target'],
|
|
'abbr': ['title'],
|
|
'acronym': ['title'],
|
|
'img': ['src', 'alt', 'width', 'height', 'title'],
|
|
'*': ['style'],
|
|
}
|
|
|
|
ALLOWED_STYLES = [
|
|
'color', 'font-weight', 'background-color',
|
|
]
|
|
|
|
|
|
def markdown(s):
|
|
tainted_html = _markdown.markdown(s)
|
|
safe_html = bleach.clean(tainted_html,
|
|
tags=ALLOWED_TAGS,
|
|
attributes=ALLOWED_ATTRIBUTES,
|
|
styles=ALLOWED_STYLES)
|
|
return safe_html
|