Markdown overrides Flask's automatic escaping about flask-markdown HOT 9 CLOSED

You'll have to take that up with the markdown authors. This is merely glue.

from flask-markdown.

This has nothing to do with Markdown itself. Markdown is designed to operate on escaped content. I would think it would be fine to force escaping whenever it is called, but the more "correct" way would be to autoescape it normally.

It is possible to obtain the autoescaping configuration from the template context and honor it. The Jinja docs use this exact problem as an example, search for "current autoescape": http://jinja.pocoo.org/docs/api/#low-level-api

I am working on a patch. Please re-open the issue in the meantime.

from flask-markdown.

Are you saying that if you explicitly escape then markdown works correctly? I read your initial ticket to say that nothing worked if you explicitly escaped. I found that a surprising notion hence the closing of this ticket and the suggestion you talk with the markdown authors. Please clarify what the issue is with a failing test or a clearer reproduction case.

from flask-markdown.

I've reopened this for a fairly well thought out patch, some docs and tests. I expect the code to allow full control of the auto-escaping.

from flask-markdown.

Sorry for being unclear, then. Yes, the Markdown works just fine if I explicitly escape. I'm not sure why you would ever not want to escape before converting the Markdown, but maybe my imagination is failing me.

from flask-markdown.

Well, this is the first time I've heard of this issue so it's possible some users rely on the current behavior. Additionally, I don't like placing limitations on what one can do with code. Since both scenarios can be supported, I would prefer to manage the auto-escape with configuration and default to the existing behavior.

from flask-markdown.

Agreed. :) Working on it.

from flask-markdown.

I'm probably going to sign off for the night now, but this is what it's ending up looking like. Obviously not finished, and I'd like your ideas on a better way to preserve the Markdown instance than sticking it into the app config. I'm not super-familiar with Flask's internals, but surely there is a better place for it.

Moving the function out of the Markdown class seems to be necessary because Jinja passes the eval context in a very hacky way. The decorator ends up passing the eval_ctx as the first parameter. Obviously, this conflicted with the method because self kept overriding it.

thieman@5a7a70d

from flask-markdown.

This is now being discussed in the PR #5, I am closing.

from flask-markdown.