mirror of
				https://github.com/django/django.git
				synced 2025-10-25 14:46:09 +00:00 
			
		
		
		
	Markdown enable_attributes is now False when safe_mode is enabled. Documented the markdown "safe" argument. Added warnings when the safe argument is passed to versions of markdown which cannot be made safe. Deprecated versions of markdown < 2.1. Many thanks to ptone for the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17735 bcc190cf-cafb-0310-a4f2-bffc1f526a37
		
			
				
	
	
		
			66 lines
		
	
	
		
			2.5 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			66 lines
		
	
	
		
			2.5 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| =====================
 | |
| django.contrib.markup
 | |
| =====================
 | |
| 
 | |
| .. module:: django.contrib.markup
 | |
|    :synopsis: A collection of template filters that implement common markup languages.
 | |
| 
 | |
| Django provides template filters that implement the following markup
 | |
| languages:
 | |
| 
 | |
| * ``textile`` -- implements `Textile`_ -- requires `PyTextile`_
 | |
| * ``markdown`` -- implements `Markdown`_ -- requires `Python-markdown`_
 | |
| * ``restructuredtext`` -- implements `reST (reStructured Text)`_
 | |
|   -- requires `doc-utils`_
 | |
| 
 | |
| In each case, the filter expects formatted markup as a string and
 | |
| returns a string representing the marked-up text. For example, the
 | |
| ``textile`` filter converts text that is marked-up in Textile format
 | |
| to HTML.
 | |
| 
 | |
| To activate these filters, add ``'django.contrib.markup'`` to your
 | |
| :setting:`INSTALLED_APPS` setting. Once you've done that, use
 | |
| ``{% load markup %}`` in a template, and you'll have access to these filters.
 | |
| For more documentation, read the source code in
 | |
| :file:`django/contrib/markup/templatetags/markup.py`.
 | |
| 
 | |
| .. warning::
 | |
| 
 | |
|     The output of markup filters is marked "safe" and will not be escaped when
 | |
|     rendered in a template. Always be careful to sanitize your inputs and make
 | |
|     sure you are not leaving yourself vulnerable to cross-site scripting or
 | |
|     other types of attacks.
 | |
| 
 | |
| .. _Textile: http://en.wikipedia.org/wiki/Textile_%28markup_language%29
 | |
| .. _Markdown: http://en.wikipedia.org/wiki/Markdown
 | |
| .. _reST (reStructured Text): http://en.wikipedia.org/wiki/ReStructuredText
 | |
| .. _PyTextile: http://loopcore.com/python-textile/
 | |
| .. _Python-markdown: http://pypi.python.org/pypi/Markdown
 | |
| .. _doc-utils: http://docutils.sf.net/
 | |
| 
 | |
| reStructured Text
 | |
| -----------------
 | |
| 
 | |
| When using the ``restructuredtext`` markup filter you can define a
 | |
| :setting:`RESTRUCTUREDTEXT_FILTER_SETTINGS` in your django settings to
 | |
| override the default writer settings. See the `restructuredtext writer
 | |
| settings`_ for details on what these settings are.
 | |
| 
 | |
| .. _restructuredtext writer settings: http://docutils.sourceforge.net/docs/user/config.html#html4css1-writer
 | |
| 
 | |
| Markdown
 | |
| --------
 | |
| 
 | |
| The Python Markdown library supports options named "safe_mode" and
 | |
| "enable_attributes". Both relate to the security of the output. To enable both
 | |
| options in tandem, the markdown filter supports the "safe" argument.
 | |
| 
 | |
|     {{ markdown_content_var|markdown:"safe" }}
 | |
| 
 | |
| .. warning::
 | |
| 
 | |
|     Versions of the Python-Markdown library prior to 2.1 do not support the
 | |
|     optional disabling of attributes and by default they will be included in
 | |
|     any output from the markdown filter - a warning is issued if this is the
 | |
|     case.
 |