1
0
mirror of https://github.com/django/django.git synced 2024-11-18 15:34:16 +00:00
django/docs/ref/contrib/markup.txt
Paul McMillan 14df122f86 Fixed #17837. Improved markdown safety.
Markdown enable_attributes is now False when safe_mode is enabled. Documented
the markdown "safe" argument. Added warnings when the safe argument is
passed to versions of markdown which cannot be made safe. Deprecated
versions of markdown < 2.1. Many thanks to ptone for the patch.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@17735 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14 19:06:23 +00:00

66 lines
2.5 KiB
Plaintext

=====================
django.contrib.markup
=====================
.. module:: django.contrib.markup
:synopsis: A collection of template filters that implement common markup languages.
Django provides template filters that implement the following markup
languages:
* ``textile`` -- implements `Textile`_ -- requires `PyTextile`_
* ``markdown`` -- implements `Markdown`_ -- requires `Python-markdown`_
* ``restructuredtext`` -- implements `reST (reStructured Text)`_
-- requires `doc-utils`_
In each case, the filter expects formatted markup as a string and
returns a string representing the marked-up text. For example, the
``textile`` filter converts text that is marked-up in Textile format
to HTML.
To activate these filters, add ``'django.contrib.markup'`` to your
:setting:`INSTALLED_APPS` setting. Once you've done that, use
``{% load markup %}`` in a template, and you'll have access to these filters.
For more documentation, read the source code in
:file:`django/contrib/markup/templatetags/markup.py`.
.. warning::
The output of markup filters is marked "safe" and will not be escaped when
rendered in a template. Always be careful to sanitize your inputs and make
sure you are not leaving yourself vulnerable to cross-site scripting or
other types of attacks.
.. _Textile: http://en.wikipedia.org/wiki/Textile_%28markup_language%29
.. _Markdown: http://en.wikipedia.org/wiki/Markdown
.. _reST (reStructured Text): http://en.wikipedia.org/wiki/ReStructuredText
.. _PyTextile: http://loopcore.com/python-textile/
.. _Python-markdown: http://pypi.python.org/pypi/Markdown
.. _doc-utils: http://docutils.sf.net/
reStructured Text
-----------------
When using the ``restructuredtext`` markup filter you can define a
:setting:`RESTRUCTUREDTEXT_FILTER_SETTINGS` in your django settings to
override the default writer settings. See the `restructuredtext writer
settings`_ for details on what these settings are.
.. _restructuredtext writer settings: http://docutils.sourceforge.net/docs/user/config.html#html4css1-writer
Markdown
--------
The Python Markdown library supports options named "safe_mode" and
"enable_attributes". Both relate to the security of the output. To enable both
options in tandem, the markdown filter supports the "safe" argument.
{{ markdown_content_var|markdown:"safe" }}
.. warning::
Versions of the Python-Markdown library prior to 2.1 do not support the
optional disabling of attributes and by default they will be included in
any output from the markdown filter - a warning is issued if this is the
case.