Comments (12)
You can do this right in your model...
# models.py
@property
def formatted_markdown(self):
return markdownify(self.text)
in your template just add {{ object.formatted_markdown|safe }}
I think it's the easiest way :)
from django-markdownx.
I don't have a PR ready, but willin gto submit it.
The instructions how to run the tests seem to be missing from the docs. travis is instricted to python runtests.py
but that file is not in the project root?
from django-markdownx.
Thanks for the feedback folks. Looks like we're on different tracks here. I'd use bleach
or django-bleach
to sanitize untrusted output. Markdown to HTML might or might not be automatically safe.
I noticed (and tested) that markdownify respect Markdown's "HTML is allowed and will be rendered" settings. That makes being wary of output even more important.
For my use case, it looks like I'm better off using django-markdown-deux
and django-bleach
, since and editor is not my primary concern.
I hop my small PR is of some use in the future, but I'll leave that up to other contributors.
from django-markdownx.
This is fairly easy task to add template tag. But, as you suggested, it would be nice to support it for wider audience.
If you got a PR already, please push it.
from django-markdownx.
It would be great to have it
from django-markdownx.
PR #77
from django-markdownx.
Tags are good, and they're easy to use. But we need to discuss the scope, and their functionality. I'm not sure a filter is what we're looking for. I think something along the lines of editor and preview are useful. But then it brings about the project policy of not turning into a WYSIWYG editor. We need to balance this right.
Also, the mark_safe
command is a little too much for my taste. It needs to be done explicitly by the end-of-line programmer as and when necessary. It opens a can of worms re security that we really wanna avoid, specially if the editor is used by unregistered users.
Any thoughts are welcome!
from django-markdownx.
It opens a can of worms re security that we really wanna avoid
Django beginner here; at the moment I'm rendering html with something like:
{{ thread.content|truncatechars:140|show_markdown|safe }}
being show_markdown
my custom templatetag.
@register.filter
def show_markdown(text):
return markdownify(text)
I don't think this is safe either. It would be great if the rendering of formatted html would be managed by the markdownx app as well, so that security concerns can be addressed in the right way and not left to the end-of-line programmer.
from django-markdownx.
@dyve Thank you for your contribution.
As a matter of fact, I use the template tags from django-markdown-deux
too (of with some minor modifications to incorporate specific needs to display maths). Which is why I think it's not necessary to have a markdown conversion filter when it comes to trans-compilation (there are plenty of choices out there). I think a good tutorial in our docs would probably go a long way.
I'm not familiar with django-bleach
, though I shall have a look at that, and perhaps make recommendations in the docs.
Finally, on your contribution, I'm sure we can, and will use it in some shape or form in the project.
from django-markdownx.
You're truncating. That's not a typical thing to do with Markdown.
It would be great if the rendering of formatted html would be managed by the markdownx app as well, so that security concerns can be addressed in the right way and not left to the end-of-line programmer.
We cannot address the security concerns unless we know the circumstances. And believe me, we already do address a lot of security issues (CSRF
and JavaScript injection in SVG files) as well as we practically can.
Additionally, if we do that, we're essentially telling the API users to not worry about security, and that's not a good idea. What we can do, again, is to have tutorials.
Further on that point, I don't think it is in general a good idea for us to take care of Markdown interpretation. On reason is that Markdown is not an absolute standard (that versatility is what makes it so interesting). You can write your own interpreter, or use an interpreter that incorporates specific extensions you're looking for, or whatever.
Imposing an interpreter would simply turn MarkdownX into just another Django Markdown package. It we were to do that, could easily achieve it through JavaScript Markdown packages, which would have more security (existing HTML could be filtered out), and not calls to the server would be necessary for trans-compilation. But that's what a lot of other packages do, and it doesn't seem to be what MarkdownX fans and users are after. At the moment, MarkdownX is the most popular Django Markdown package; and if I were to speculate the reason why, I would say it's precisely because of the level of versatility it offers.
from django-markdownx.
I see your point. Btw, I truncate it since I need to show a small part of the whole text in a box. Is there a better way to achieve it? I think this issue is not the right place to discuss it, but a quick tutorial about it would be great!
from django-markdownx.
from django import template
from django.utils.safestring import mark_safe
from markdownx.utils import markdownify
register = template.Library()
@register.filter
def markdown(text):
return mark_safe(markdownify(text))
{{ text|markdown }}
from django-markdownx.
Related Issues (20)
- Create a release for the package HOT 2
- ImportError: cannot import name 'url' from django.conf.urls HOT 3
- DOC bug in link GITHUB 404 HOT 1
- Django 4 and file upload produces error HOT 5
- Using absolute paths for images? HOT 3
- Found a possible security concern HOT 2
- No cookie with key "csrftoken". Wrong name?
- Can't type `[` or `]` using a french keyboard on Windows
- MARKDOWNX_EDITOR_RESIZABLE does not appear to work in v4
- Can't add multiline code block HOT 1
- Release for Django 4.0 HOT 2
- getCookie() bug? HOT 1
- Simple optimization inside views.py HOT 1
- AttributeError on markdownify HOT 1
- A recent Upload and markdownify path errors
- How to customize the textarea cols HOT 2
- Cross-Site Scripting (XSS) Vulnerability in Markdown Library HOT 1
- AttributeError when using pillow >=10.0
- Css for dark theme in admin page
- Contact email to report a vulnerability does not exists HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-markdownx.