blackqoute test

this syntax when:

 message = ">this is a test"
{{ message|apply_markup:"markdown" }} 

>remove and display "[HTML_REMOVED]this is a test",

As per subject line - I've found this a useful little package, simple and to the point. I'm using it on a site that runs Python 3.3/Django 1.7, and the latest release (0.4) does not work - but the Github HEAD works fine.

Hi @bartTC!

I had a problem using the 1.4 version of django-markup. It seems the dependency bleach_whitelist isn't required:

    new_obj = func(obj, *arg_vals)
  File ".../lib/python3.6/site-packages/django_markup/templatetags/markup_tags.py", line 11, in apply_markup
    return mark_safe(formatter(text, filter_name))
  File ".../lib/python3.6/site-packages/django_markup/markup.py", line 100, in __call__
    return filter_class().render(text, **filter_kwargs)
  File ".../lib/python3.6/site-packages/django_markup/filter/markdown_filter.py", line 23, in render
    from bleach_whitelist import markdown_tags, markdown_attrs
ModuleNotFoundError: No module named 'bleach_whitelist'

Problem

This classical restructured text formatting for section headers is not rendered as expected by django_markup.

********
Header 1
********

Header 2
========

Header 3
--------

Header 1 & 2 are pure and simply forgotten.

Diagnotic

After some investigations, django_markup uses docutils.core.publish_parts to render rst. django_markup uses this code to render rst:

def render(self, text, **kwargs):
    from docutils import core
    publish_args = {'source': text, 'writer_name': 'html4css1'}
    publish_args.update(**kwargs)
    parts = core.publish_parts(**publish_args)
    return parts['fragment']

parts['fragment'] returns body content only from header 3, which is in agreement with the docutils documentation:

parts['fragment'] contains the document body (not the HTML ). In other words, it contains the entire document, less the document title, subtitle, docinfo, header, and footer.

Proposed solution.

Use parts['html_body'] instead of parts['fragment']:

def render(self, text, **kwargs):
    from docutils import core
    publish_args = {'source': text, 'writer_name': 'html4css1'}
    publish_args.update(**kwargs)
    parts = core.publish_parts(**publish_args)
    return parts['html_body']

Hello!
I noticed such a declaration in setup.cfg

classifiers=
    ...
    Programming Language :: Python :: 3.7
    Programming Language :: Python :: 3.8
    Programming Language :: Python :: 3.9
    Programming Language :: Python :: 3.10
   

so I guess you want to set python>=3.7. And I think it is a better way to declare Python compatibility by using the keyword argument python_requires than argument classifiers for some reasons:

• Descriptions in python_requires will be reflected in the metadata
• “pip install” can check such metadata on the fly during distribution selection , and prevent from downloading and installing the incompatible package versions.
• If the user does not specify any version constraint, pip can automatically choose the latest compatible package version for users.

Way to improve:
modify [options] in setup.cfg add python_requires keyword argument:

[options]
python_requires= >=3.7

Thanks for your attention.
Best regrads,
PyVCEchecker

https://github.com/bartTC/django-markup/blob/master/src/django_markup/bundles/WikiCreole/creole2html.py

>>> parse(u'[[test]] [[tset|test]]')
<p><a href="test">test</a> <a href="tset">test</a></p>

return u'<a href="%s">%s</a>' % (
            self.attr_escape(target), inside)

with "test", containing special characters, i think, need no escape, but urllib.quote ?

On Pypi there is an 1.6 release, which was not tagged on git. Could you please add that tag?

How is it possible to display images? when using for example a ReST filter with:
{{ ".. image:: images/mypic.png"|apply_markup:"restructuredtext" }}, I can't think of a solution to make Django find the picture in the right folder...
Can we use static in addiction??

HI,

from django_markup.markup import formatter

dd = '''```
aaaa


dddd


cccc

 ```'''
print formatter(dd, filter_name='markdown', safe_mode=True)

bad output :

<p>```
aaaa</p>
<p>dddd</p>
<p>cccc</p>
<p>```</p>

valid output:

aaaa


dddd


cccc

Hello,

Thank you very much for your package. I have a problem using restructuredtext. When I try to apply the markup on this kind of text :

.. code-block:: python

  def test():
    return 'Hello World'

It doesn't work, it shows Cannot analyze code. Pygments package not found.

So I have installed

pip3 install Pygments
apt-get install python3-pygments

and it still doesn't work. I know it might not come from your application, but I don't find any explanation elsewhere. Do you have any idea?

Other info : Ubuntu Server 16.04

The ReST 'raw' directive opens up a web site to XSS, and the 'include' directives opens you up to file inclusion by default:

http://docutils.sourceforge.net/docs/howto/security.html

It looks like MARKUP_SETTINGS allows you to specify the configuration you need to be secure. However, it isn't the default. Even if you had a default MARKUP_SETTINGS that was secure, if someone wanted to specify their own 'settings_overrides', it would be all to easy to forget to include the secure defaults.

It would be great if some secure defaults were hard coded, and they could only be overridden by explicitly reversing them:

MARKUP_SETTINGS = {
    'restructuredtext': {
        'settings_overrides': {
            'raw_enabled': True,
            'file_insertion_enabled': True,
        }
    }

You might decide that the ReST filter should only be used on trusted inputs, or that implementing this would be a bit hacky. However, for something aimed at use on the web, I think that defaulting to secure would be so much better, and worth a bit of hackiness.

I can implement this if it would be accepted. However, I can't see any existing tests - do you have a test suite?

Hi @bartTC

If I install django-markup with all filter dependencies, in the 1.3 version it is ok, but the 1.4 version is buggy:

$ pip install django-markup[all-filter-dependencies]==1.4
    ...
    django-markup 1.4 does not provide the extra 'all-filter-dependencies'

I'm not sure if it is a bug in the requirements or a mistake from the docs, that still talk about this flag.

Hi,

XSS = [XXX]( javascript:alert('123');)
{{ XSS|apply_markup:"markdown" }}

result :
alert(123)

Hi and thanks for your work on this library.

Problem description

While installing the current version of django-markup==1.7.1, I noticed getting an error during installation:

error: Django 3.2.18 is installed but django>=3.7 is required by {'django-markup'}

Possible cause

I am using Django 3.2 in a project which seems to be incompatible due to the following constraint introduced in 16ab1bf:

Is it intended to require that non-existing Django version? I also didn't find any hint in the README that the newest version shouldn't be compatible.

Thank you very much for your time.

Can I automatically highlight links?

It doesn't seem to be working.

Is there a simple way to auto highlight links without user input like github and other sites do?

Thanks!

Integrate this Org-Markup template engine,
https://github.com/paetzke/orgco

Alternatives:

• http://devel.sheep.art.pl/creole/raw-file/tip/creole.py

I know the following is a bit general and not tightly related to this repo but maybe you can make the following use case a bit more clearer for new users like me

Could you add an explanation to the documentation how to apply styles for the (rst) generated markup?
I am a bit lost here because pygments seems to abbreviate the classes like kn or nn see: http://pygments.org/docs/styles/#builtin-styles
But instead, I get something like below. I saw that the unit test covers this with long class names too but I wonder why.

.. code:: python

    import os

    env_hi = os.env('hi')
    print(env_hi)

.. end code

<div class="document" id="hello">
<h1 class="title">Hello</h1>
<h2 class="subtitle" id="there">THERE</h2>
<pre class="code python literal-block"><span class="keyword namespace">import</span> <span class="name namespace">os</span>

<span class="name">env_hi</span> <span class="operator">=</span> <span class="name">os</span><span class="operator">.</span><span class="name">env</span><span class="punctuation">(</span><span class="literal string single">'hi'</span><span class="punctuation">)</span>
<span class="keyword">print</span><span class="punctuation">(</span><span class="name">env_hi</span><span class="punctuation">)</span>
</pre>
<!-- end code -->
</div>

Hi, with django-markup 1.6.0 and pygments 2.14.0 I see the following test case fail.

___________________ FormatterTestCase.test_rst_with_pygments ___________________

self = <django_markup.tests.test_filter.FormatterTestCase testMethod=test_rst_with_pygments>

    def test_rst_with_pygments(self):
        """
        Having Pygments installed will automatically provide a ``.. code-block``
        directive in reStructredText to highlight code snippets.
        """
        text = open(os.path.join(FILES_DIR, 'rst_with_pygments.txt')).read()
        expected = open(
            os.path.join(FILES_DIR, 'rst_with_pygments_expected.txt')
        ).read()
        result = formatter(text, filter_name='restructuredtext')
>       self.assertEqual(result, expected)
E       AssertionError: '<div[204 chars]span><span class="whitespace">\n</span>  <span[103 chars]v>\n' != '<div[204 chars]span>\n  <span class="keyword">return</span> <[71 chars]v>\n'
E       Diff is 721 characters long. Set self.maxDiff to None to see it.

django_markup/tests/test_filter.py:86: AssertionError

from django_markup.filter.creole import CreoleMarkupFilter

should be:

from django_markup.filter.creole_filter import CreoleMarkupFilter

How do I make the code block to rendered correctly. For example, if I write:

```python
from django.db import models</p>
class Person(models.Model):
    first_name = models.CharField(max_length=30)
    last_name = models.CharField(max_length=30)
\```

then I expect the html to be:

<pre>
<code>
from django.db import models
class Person(models.Model):
    first_name = models.CharField(max_length=30)
    last_name = models.CharField(max_length=30)
</code>
</pre>

How do I achieve that? I couldn't find the settings on the documentation. Thank you in advanced.

# Tags suitable for rendering markdown
markdown_tags = [
    "h1", "h2", "h3", "h4", "h5", "h6",
    "b", "i", "strong", "em", "tt",
    "p", "br",
    "span", "div", "blockquote", "code", "hr",
    "ul", "ol", "li", "dd", "dt",
    "img",
    "a",
    "sub", "sup",
]

This results in:

from django_markup.markup import formatter 
aaa = """
    I am a text that was converted with **markdown**!
    I am a text that was converted with **markdown**!
    I am a text that was converted with **markdown**!
"""
formatter(aaa, filter_name='markdown')

&lt;pre&gt;<code>I am a text that was converted with **markdown**!
I am a text that was converted with **markdown**!
I am a text that was converted with **markdown**!
</code>&lt;/pre&gt;

instead of

<pre><code>I am a text that was converted with **markdown**!
I am a text that was converted with **markdown**!
I am a text that was converted with **markdown**!
</code></pre>

Hi @bartTC. I'm using version 1.4.1 of django-markup. When I deployed my blog with heroku, when I try to watch an entry where I've applied the markdown filter, the blog sends me this error:

File "/app/.heroku/python/lib/python3.6/site-packages/django/template/base.py", line 697, in resolve
    new_obj = func(obj, *arg_vals)
  File "/app/.heroku/python/lib/python3.6/site-packages/django_markup/templatetags/markup_tags.py", line 11, in apply_markup
    return mark_safe(formatter(text, filter_name))
  File "/app/.heroku/python/lib/python3.6/site-packages/django_markup/markup.py", line 100, in __call__
    return filter_class().render(text, **filter_kwargs)
  File "/app/.heroku/python/lib/python3.6/site-packages/django_markup/filter/markdown_filter.py", line 23, in render
    from bleach_whitelist import markdown_tags, markdown_attrs

Exception Type: ModuleNotFoundError at /inicio/
Exception Value: No module named 'bleach_whitelist'