Am Freitag, 16. März 2007 16:48 schrieb Martijn Pieters:
> On 3/15/07, Florian Lindner <[EMAIL PROTECTED]> wrote:
> > I've found out it could partly be achieved by using:
> >
> >     def convertToHTML(self, comment):
> >         """ Converts a comment from restructured text to HTML. """
> >         text = unicode(comment.content)
> >         settings_override = {}
> >         settings_override["raw_enabled"] = False
> >         settings_override["file_insertion_enabled"] = False
> >         # settings_override["report_level"] = "quiet"
> >         renderer = ReStructuredTextToHTMLRenderer(text, self.request)
> >         return renderer.render(settings_override).strip()
> >
> > but now a raw directive generates an error message whereas it is
> > completely swallowed when uncommenting the report_level.
>
> Note that you should really read the following:
>
>   http://docutils.sourceforge.net/docs/howto/security.html
>
> You'll have to disable the include and csv-table directives as well.

The file_insertion_enabled = False disables the include and csv-table 
directives.


        settings_override = {}
        settings_override["raw_enabled"] = False
        settings_override["file_insertion_enabled"] = False

I think it's safe this way.

But these settings still don't entirely satisfy me because if somebody 
enters .. raw:: html a warning message is printed informing that raw is 
disabled. If I set:

        settings_override["report_level"] = "quiet"

The raw directive is is completely removed from output. What I want is that it 
is treated just like any other text, appearing also in the output.

Is that possible?

Thanks,

Florian
_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users

Reply via email to