So should not {{text|escape|textile}} remove html tags first, and then
apply the textile-markup to generate html?
On your weblog, b-list, you allow comments in markdown, but strip
HTML, are you using something like "safe mode?" How can I enable that?
BTW, that site is acting a bit strange from some days, I can not see
the styling on some pages, :( .
On Dec 18, 9:03 pm, "James Bennett" <[EMAIL PROTECTED]> wrote:
> On Dec 18, 2007 8:56 AM, shabda <[EMAIL PROTECTED]> wrote:
>
> > I am using textile markup filter. When I am using a variable in the
> > template without any filter they are being auto escaped, as they
> > should. However, if I use any markup filter like textile or markdown,
> > the text is not being auto escaped. Even using the escape filter
> > manually does not help. (as in {{comment.text|escape|markdown}} ).
> > Is there any combination of filters which can,
> > 1. Escape html tags.
> > 2. Apply textile/markdown?
>
> The point of Textile/Markdown/etc. is to produce HTML, so the bundled
> filters do not escape their output (otherwise they'd escape the HTML
> they produce).
>
> Your best bet is probably the Markdown filter, which allows you to
> enable python-markdown's "safe mode" -- this will have Markdown itself
> remove any "raw" HTML before doing Markdown processing. Note that
> *all* "raw" HTML which goes into Markdown with this mode enabled will
> be removed, regardless of whether you wanted it to be or not.
>
> --
> "Bureaucrat Conrad, you are technically correct -- the best kind of correct."
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
