Ticket #13980: markup.py

File markup.py, 3.4 KB (added by nomulous, 5 years ago)

Removed the is_safe = True so that markdown output will be escaped

Line 
1"""
2Set of "markup" template filters for Django.  These filters transform plain text
3markup syntaxes to HTML; currently there is support for:
4
5    * Textile, which requires the PyTextile library available at
6      http://loopcore.com/python-textile/
7
8    * Markdown, which requires the Python-markdown library from
9      http://www.freewisdom.org/projects/python-markdown
10
11    * ReStructuredText, which requires docutils from http://docutils.sf.net/
12"""
13
14from django import template
15from django.conf import settings
16from django.utils.encoding import smart_str, force_unicode
17from django.utils.safestring import mark_safe
18
19register = template.Library()
20
21def textile(value):
22    try:
23        import textile
24    except ImportError:
25        if settings.DEBUG:
26            raise template.TemplateSyntaxError("Error in {% textile %} filter: The Python textile library isn't installed.")
27        return force_unicode(value)
28    else:
29        return mark_safe(force_unicode(textile.textile(smart_str(value), encoding='utf-8', output='utf-8')))
30textile.is_safe = True
31
32def markdown(value, arg=''):
33    """
34    Runs Markdown over a given value, optionally using various
35    extensions python-markdown supports.
36
37    Syntax::
38
39        {{ value|markdown:"extension1_name,extension2_name..." }}
40
41    To enable safe mode, which strips raw HTML and only returns HTML
42    generated by actual Markdown syntax, pass "safe" as the first
43    extension in the list.
44
45    If the version of Markdown in use does not support extensions,
46    they will be silently ignored.
47
48    """
49    try:
50        import markdown
51    except ImportError:
52        if settings.DEBUG:
53            raise template.TemplateSyntaxError("Error in {% markdown %} filter: The Python markdown library isn't installed.")
54        return force_unicode(value)
55    else:
56        # markdown.version was first added in 1.6b. The only version of markdown
57        # to fully support extensions before 1.6b was the shortlived 1.6a.
58        if hasattr(markdown, 'version'):
59            extensions = [e for e in arg.split(",") if e]
60            if len(extensions) > 0 and extensions[0] == "safe":
61                extensions = extensions[1:]
62                safe_mode = True
63            else:
64                safe_mode = False
65
66            # Unicode support only in markdown v1.7 or above. Version_info
67            # exist only in markdown v1.6.2rc-2 or above.
68            if getattr(markdown, "version_info", None) < (1,7):
69                return mark_safe(force_unicode(markdown.markdown(smart_str(value), extensions, safe_mode=safe_mode)))
70            else:
71                return mark_safe(markdown.markdown(force_unicode(value), extensions, safe_mode=safe_mode))
72        else:
73            return mark_safe(force_unicode(markdown.markdown(smart_str(value))))
74
75def restructuredtext(value):
76    try:
77        from docutils.core import publish_parts
78    except ImportError:
79        if settings.DEBUG:
80            raise template.TemplateSyntaxError("Error in {% restructuredtext %} filter: The Python docutils library isn't installed.")
81        return force_unicode(value)
82    else:
83        docutils_settings = getattr(settings, "RESTRUCTUREDTEXT_FILTER_SETTINGS", {})
84        parts = publish_parts(source=smart_str(value), writer_name="html4css1", settings_overrides=docutils_settings)
85        return mark_safe(force_unicode(parts["fragment"]))
86restructuredtext.is_safe = True
87
88register.filter(textile)
89register.filter(markdown)
90register.filter(restructuredtext)
Back to Top