Solved: found out that there is a safe_mode option which you can put
into the markdown call.
So you get:
${ Markup( markdown.markdown( contentvar, safe_mode="replace" ) ) }

On Sep 22, 1:20 pm, bloeper <[email protected]> wrote:
> Hi All,
>
> Currently I am trying to finish off my blog.
> It's almost done (Wohoo).
> Although I still have one problem, I have installed markdown in my
> virtualenv (works fine).
> But in the template I need to do something like this:
> ${ Markup( markdown.markdown( contentvar ) ) }
> It works fine then, but the problem with this "solution" is that when
> a user inputs something like this (in a reaction of some sort)
> they'll also be allowed to use normal HTML tags such as </div> or even
> worse run JavaScript to redirect a page or something.
>
> So my question is, how can I still use markdown, but without using the
> Markup function because it will allow all HTML tags?
>
> Greetings,
>
> Bloeper
>
> * I already posted this question in the genshi group, but it isn't
> really active.
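
Added example, not part of the original thread: safe_mode was deprecated in Python-Markdown 2.5 and removed in 3.0, so on current versions the HTML that markdown.markdown() returns has to be sanitized before it is wrapped in Markup. The stdlib-only allowlist sanitizer below is a swapped-in technique for that step, not what safe_mode did internally; the tag and scheme policy, the function names and the sample HTML are assumptions constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed comment policy (not from the thread); adjust to what the blog permits.
ALLOWED_TAGS = set("p br em strong code pre blockquote ul ol li h1 h2 h3 a".split())
ALLOWED_SCHEMES = {"http", "https", "mailto", ""}
DROP_WITH_CONTENT = {"script", "style"}

def safe_href(href):
    """Return the cleaned href if its scheme is allowlisted, else None."""
    # Browsers ignore tabs/newlines in a URL, so strip them before checking.
    cleaned = re.sub(r"[\x00-\x20]", "", href or "")
    match = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", cleaned)
    scheme = match.group(1).lower() if match else ""  # "" means a relative URL
    return cleaned if cleaned and scheme in ALLOWED_SCHEMES else None

class AllowlistSanitizer(HTMLParser):
    """Re-emit allowlisted tags only; escape all text, drop all other markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside <script>/<style>
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif tag in ALLOWED_TAGS and not self.skip:
            # Only href survives, and only after the scheme check; onclick etc. are dropped.
            href = safe_href(dict(attrs).get("href")) if tag == "a" else None
            self.out.append('<a href="%s" rel="nofollow">' % escape(href, quote=True)
                            if href else "<%s>" % tag)
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and tag != "br" and not self.skip:
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize_html(rendered):
    parser = AllowlistSanitizer()
    parser.feed(rendered)
    parser.close()
    return "".join(parser.out)

# Constructed sample of rendered comment HTML (not from the original thread).
SAMPLE = ('<p>Nice <em>post</em>!</p></div>'
          '<script>location="http://evil.example/"</script>'
          '<p><a href="java\tscript:alert(1)" onclick="x()">click</a> '
          '<a href="https://example.org/?a=1&amp;b=2">ok</a> 1 &lt; 2</p>')
```

In the template the call would then become Markup(sanitize_html(markdown.markdown(contentvar))).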
