Hi, I am aware that Markdown is a formatting language like textile or any other. It is just that i've seen other projects using {{var|markdown:"safe"}} to protect against injected html and I don't know if that is the same, better or worse that just {{var}} without disabling autoescape.
Thanks -- Arkaitz On Fri, Oct 7, 2011 at 2:50 PM, Tom Evans <tevans...@googlemail.com> wrote: > On Fri, Oct 7, 2011 at 9:00 AM, arkai...@gmail.com <arkai...@gmail.com> > wrote: > > Hi all, > > I'm working on a comments addon for my app and I'm checking the > alternatives > > for urlizing and securing what users write in comments. > > I thought that just using Djangos default autoescape( not doing anything) > > plus the |urlize filter like " {{comment|urlize}}" would be enough, but > I've > > seen examples in the web using "{{comment|markdown:'safe'}}" so I was > > wondering if autoescape is not enough or people are using > "markdown:'safe'" > > for other reasons? > > > > Should I be concerned if I don't use markdown:"safe" ? > > > > Thanks > > Markdown is a formatting language. People using that syntax enter > their comments in markdown, and use that to turn them into HTML. > > Cheers > > Tom > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.