This would be safe but t may mess up the output. In principe the "text" 
inside <code/> should be allowed to contain any html including <script> but 
it should not be able to close the <code> tag. I think the right solution 
is:

MARKMIN(text, extra={"pre_with_code": lambda text: 
"<pre><code>{0}</code></pre>".format(cgi.escape(text))})


On Tuesday, 22 January 2013 05:09:57 UTC-6, Alan Etkin wrote:
>
> How about
>
> MARKMIN(text, extra={"pre_with_code": lambda text: 
> "<pre><code>{0}</code></pre>".
> format(XML(text, sanitize=True))})
>
>

-- 



Reply via email to