Hi,
I am aware that Markdown is a formatting language like textile or any other.
It is just that i've seen other projects using {{var|markdown:"safe"}} to
protect against injected html and I don't know if that is the same, better
or worse that just {{var}} without disabling autoescape.
Thanks
--
Arkaitz
On Fri, Oct 7, 2011 at 2:50 PM, Tom Evans <tevans...@googlemail.com> wrote:
> On Fri, Oct 7, 2011 at 9:00 AM, arkai...@gmail.com <arkai...@gmail.com>
> wrote:
> > Hi all,
> > I'm working on a comments addon for my app and I'm checking the
> alternatives
> > for urlizing and securing what users write in comments.
> > I thought that just using Djangos default autoescape( not doing anything)
> > plus the |urlize filter like " {{comment|urlize}}" would be enough, but
> I've
> > seen examples in the web using "{{comment|markdown:'safe'}}" so I was
> > wondering if autoescape is not enough or people are using
> "markdown:'safe'"
> > for other reasons?
> >
> > Should I be concerned if I don't use markdown:"safe" ?
> >
> > Thanks
>
> Markdown is a formatting language. People using that syntax enter
> their comments in markdown, and use that to turn them into HTML.
>
> Cheers
>
> Tom
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
