Friday, October 7, 2011

Re: Filtering html for django comments

On Fri, Oct 7, 2011 at 3:04 PM, arkaitzj@gmail.com <arkaitzj@gmail.com> wrote:
> Hi,
> I am aware that Markdown is a formatting language like textile or any other.
> It is just that i've seen other projects using {{var|markdown:"safe"}} to
> protect against injected html and I don't know if that is the same, better
> or worse that just {{var}} without disabling autoescape.
>
> Thanks
>

?

Either the comment is markdown or it is not. The markdown filter is
not magically going to improve the quality of your non-markdown
comments.

Cheers

Tom

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

No comments:

Post a Comment