dcolish / flask-markdown Goto Github PK

I have Flask running under defaults which automatically escape any variable referenced in a template. If I pass a variable named injection to my template with a value of <script>alert('bad news');</script>, the following things happen based on the template code:

{{ injection }} prints the text <script>alert('bad news');</script>

{{ injection|markdown }} runs the JS and pops up an alert window

{{ injection|e|markdown }}, which explicitly escapes the text, seems to prevent the JS from running, plus Markdown works normally. So, this works.

It would preferable to not override this safe default which people are accustomed to when using Flask.

edit: for clarity

Hi there !

Just installed your flask extension and I can't seem to get it to work:

{% extends "main/main.html" %}
{% block body %}
    {% filter markdown %}
        oA (**OpenApprentice**) is a new look on solving a very specific problem:

        How to get people the exact experience necessary to achieve competence in any given domain; and in gaining that competence, achieve it in an effecient, personalized and verifiable manner?

        The world today has the technology to solve nearly all problems.  From education, to medicine, to space travel and entertainment. From economic disparity within and between countries to income inequility between the the very poorest to the very richest. From agriculture to self-driving vehicles.  The technology exists or the know-how exists to apply the existing technologies to these problems.

        What we are missing are enough competent technicians, leaders, teachers and programmers. We are missing problem solvers, independent thinkers, scientists and artists. And so OpenApprentice is founded to provide a very real and useable path for those willing to apprentice, learn, teach and gain the experience necessary to accomplish the solutions within a company they are hired to work for or to start their own company or activity in the accomplishment of their unique visions.

        OpenApprentice was created on the premise that competence, ability to learn, teach and lead, proven reliability and proven performance are alone the measure of ones value to a company and to society. That with these requisites, one's age, color, sex, and even geographic location (in most cases) should not determine or influence the value to any given project, organization or company.

        We believe that when workers have options and know they have options within and for their careers, that this freedom alone permits for the best and most humane contribution. With that freedom and choice of where and who to work for, more good than evil will be affected. For our basic premise and empirically evident, is that the overwhelming majority of human beings are good and well intentioned, and these, the good and well intentioned should not fall prey to the whims of the smallest minority.
    {% endfilter %}
{% endblock %}

This results in

Can it be because of bootstrap ?

Not sure if only I had this problem.

For Flask 0.9 (for the two ways):

from flaskext.markdown import Markdown
from flask.ext.markdown import Markdown

the result is:

ImportError: No module named flaskext.markdown
ImportError: No module named flask.ext.markdown

I solved it with this:

1. in 'site-packages' create a folder 'flask_markdown'
2. in folder 'flaskext' copy 'markdown.py' and 'markdown.pyc' and paste in the folder 'flask_markdown'
3. rename both files as 'init.py' and 'init.pyc'
4. restart uwsgi
5. Use 'from flask.ext.markdown import Markdown'
6. ok!

Hi,

Python Markdown has the feature of not reseting between uses of Markdown.convert() but this is sometimes undesirable. Sometimes it's desirable to do a reset before each call. And this is best handled (imho) within Flask-Markdown.

I've modified my local version of flask-markdown to have a auto_reset flag, much like the auto_escape flag.

I'm happy to do a pull request to add it in, but want to gauge interest first.

Thoughts?

Cheers,

Ben

Hello,

Following the evolution of Flask, an error appears on the "flask-markdown" module.

• pallets/flask#5223
• pallets/flask#5293

Would it be possible to fix the module to fit Flask 3.x. x?

Thank you for your help,

I have a help file with a numbered list. Some list items have sub-lists, either numbered or bullet points. The first level of nesting is incorrectly promoted to the top level. The second level of nesting is handled appropriately, after incorrectly promoting the first nested level to the top level :-(

Below is a snippet of the markdown that renders incorrectly, excerpted from https://github.com/commonloon/coha-gcloud/blob/main/static/HELP.md

Android Users

1. Make sure location services are enabled for your phone.
2. Travel to the station where you will take your first observation
3. Enter your name in the Observers field.
   • also add the name of anyone who is helping you do the survey
   • The observer name(s) will be saved in your browser, so you should only have to do this the first time you use the website
4. Select the survey quadrat
   • the quadrat will also be saved in your browser. You will only need to change it if you survey more than one quadrat.
5. Select the station (1-16)
   • other fields will be disabled until the station is selected
   • selecting the station will automatically set the latitude and longitude.
     • use the "Update Location" button near the map to update the latitude and longitude with the current GPS coordinates
     • you can manually enter latitude and longitude values if you wish. WARNING: manually entered values will be overwritten if you change the station or press "Update Location"
6. Turn on your bluetooth speaker
   • make sure your phone is paired and the volume set to max.
7. Select appropriate values for cloud cover, wind speed and noise at this station
8. When you are ready, begin the survey protocol
   1. the "Start Survey" button automates the audio part of the survey protocol
      1. pushing the button starts a two minute timer.
         1. Use this time to look for hawks in the area
         2. if you see a COHA, press the button again to stop the audio playback
      2. after two minutes, the web app will play a recorded COHA call for 20 seconds, then pause for 40 seconds
         • if you see or hear a COHA, press "Stop Survey" to stop the audio playback
      3. the app repeats the call playback/pause three times
      4. the final timer counts down an additional two minutes, during which time you should continue to look and listen for COHAs
   2. When you have finished your observation at this station (at the end of the protocol or immediately on detecting a COHA), use the "Was COHA detected" dropdown to record whether you observed a COHA.
      • if a COHA was detected, use the next several fields to record details such as direction and distance
   3. Optionally add notes to the notes field
   4. Press the "Save Observation" button to save your observation.
      • NOTE: your data will be lost if you don't press "Save Observation"!
9. Go to the next station and repeat steps 5-8 until you have surveyed the entire quadrat
   • NOTE: the location is set when you select the station, so select the station after you have arrived in the location where you plan to observe.
   • If you need to reset your location before saving, use the "Update Location" button

Hey, I can't seem to get the md syntax for strike

<strike></strike>

to render, is this inside flask-markdown or elsewhere?

Thanks!

Is there anyway to incorporate the flask/jinja url_for links into a markdown url?

I'm trying [link text]( {{ url_for('my_site.route') }} ), which doesn't work.

On mac osx 10.6 and on my dreamhost account using easy_install results in the following error.

error: Couldn't find a setup script in /tmp/easy_install-zRzxMy/Flask-Markdown-0.3.macosx-10.3-fat.tar.gz

Works if I download it from here.

I've set Markdown(app, extensions=['footnotes','toc']), and I have my docs generated in HTML,

{% filter markdown %}{% include "docs.md" %} {% endfilter %}

I'd like to generate a table of contents within Jinja template. How is it can be done?

At the moment I am not able to initiate flask-markdown with the application factory pattern. Would be nice if this will be supported in future.

from flaskext.markdown import Markdown
markdown = Markdown()
def create_app(config_name):
    app = Flask(__name__)
    markdown.init_app(app)

Btw standard flask extensions can be imported like from flask_markdown import Markdown. Why is it not like this?

Hi , I'm new to flask . But I get an error:
ImportError: No module named markdown