On Dec 18, 2007 8:56 AM, shabda <[EMAIL PROTECTED]> wrote:
> I am using textile markup filter. When I am using a variable in the
> template without any filter they are being auto escaped, as they
> should. However, if I use any markup filter like textile or markdown,
> the text is not being auto escaped. Even using the escape filter
> manually does not help. (as in {{comment.text|escape|markdown}} ).
> Is there any combination of filters which can,
> 1. Escape html tags.
> 2. Apply textile/markdown?
The point of Textile/Markdown/etc. is to produce HTML, so the bundled
filters do not escape their output (otherwise they'd escape the HTML
they produce).
Your best bet is probably the Markdown filter, which allows you to
enable python-markdown's "safe mode" -- this will have Markdown itself
remove any "raw" HTML before doing Markdown processing. Note that
*all* "raw" HTML which goes into Markdown with this mode enabled will
be removed, regardless of whether you wanted it to be or not.
--
"Bureaucrat Conrad, you are technically correct -- the best kind of correct."
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
