On Tue, May 6, 2008 at 7:30 PM, Jeremy Dunck <[EMAIL PROTECTED]> wrote:
>
> I think there should be a branch checking the markdown version, and
> passing in a unicode object if markdown.version_info >= (1,7,0,'').

Um, what about lines 71-74 [1] does not do this? Yeah, the check is the other way, but it has the same effect. Added in changeset 7423 [2] three weeks ago.

[1]: http://code.djangoproject.com/browser/django/trunk/django/contrib/markup/templatetags/markup.py#L71
[2]: http://code.djangoproject.com/changeset/7423

> Also, and probably more important: markdown allows HTML to be passed
> in and spit out; the markdown filter marks output as safe. Is it an
> intended design choice to have applying the markdown filter result in
> unescaped output? Perhaps this side-effect should be noted in the
> docs[2]?
>

Yeah, we probably should mention this in the docs, along with an explanation of how to enable Markdown's safe_mode. Sure, it's explained in the source, but the other markup filters don't offer any extra features so I doubt most people even look unless they encounter a problem.

--
----
Waylan Limberg
[EMAIL PROTECTED]
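
The point raised in this thread about a markup filter marking its output as safe, as an added example that is not part of the original messages and is not Django's or Markdown's code. `render_markup` is a hypothetical minimal stand-in for a Markdown renderer, `SafeText` and `autoescape` stand in for a template engine's safe-string handling, and the `"safe"` filter argument is an assumed switch.

```python
import html
import re


class SafeText(str):
    """Stand-in for a template engine's 'already safe, do not escape' marker."""


def autoescape(value):
    # What the template engine does at output time:
    # escape everything unless it carries the safe marker.
    return value if isinstance(value, SafeText) else html.escape(value)


def render_markup(text, escape_raw_html=False):
    # Hypothetical minimal renderer: only **bold** and blank-line paragraphs.
    # Like Markdown, it lets raw HTML through unless told to escape it first.
    if escape_raw_html:
        text = html.escape(text, quote=False)
    text = re.sub(r"\*\*(.+?)\*\*", r"<strong>\1</strong>", text)
    paragraphs = [p.strip() for p in text.split("\n\n") if p.strip()]
    return "".join("<p>%s</p>" % p for p in paragraphs)


def markup_filter(value, arg=""):
    # The filter must mark its result safe, otherwise the generated <p> and
    # <strong> tags would be escaped too. That also exempts any raw HTML the
    # renderer passed through. arg == "safe" is an assumed opt-in switch.
    rendered = render_markup(value, escape_raw_html=(arg == "safe"))
    return SafeText(rendered)


# Constructed untrusted input, e.g. a user-submitted comment.
COMMENT = "**hi** <script>alert(1)</script>"


def demo():
    return {
        "no_filter": autoescape(COMMENT),
        "filter_default": autoescape(markup_filter(COMMENT)),
        "filter_safe": autoescape(markup_filter(COMMENT, "safe")),
    }


if __name__ == "__main__":
    for name, out in demo().items():
        print("%-15s %s" % (name, out))
```

Only the `filter_default` case emits a live `<script>` element: autoescaping never sees it because the filter already marked the whole string as safe.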