projects / pgweb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 82a616d)
Re-enable markdown safe mode
authorMagnus Hagander <magnus@hagander.net>
Sat, 17 Nov 2018 18:56:10 +0000 (19:56 +0100)
committerMagnus Hagander <magnus@hagander.net>
Sat, 17 Nov 2018 19:05:07 +0000 (20:05 +0100)
This was removed when django removed support for it, but we then
switched markdown library and didn't re-enable it.

Since all content is moderated it's not so bad (per previous commit
message), but better safe than sorry.

templates/downloads/productlist.html patch | blob | blame | history
templates/events/archive.html patch | blob | blame | history
templates/events/item.html patch | blob | blame | history
templates/events/rss_description.html patch | blob | blame | history
templates/news/item.html patch | blob | blame | history
templates/news/newsarchive.html patch | blob | blame | history
templates/news/rss_description.html patch | blob | blame | history

diff --git a/templates/downloads/productlist.html b/templates/downloads/productlist.html
index 0ef90a95a0a1a32737d3b1d7e19c770bcf992c75..02439d7b5ed029a8fa2da317f6d4d02182b75bf3 100644 (file)
--- a/templates/downloads/productlist.html
+++ b/templates/downloads/productlist.html
@@ -22,7 +22,7 @@
     </thead>
     <tbody>
       <tr>
-       <td>{{product.description|markdown}}</td>
+       <td>{{product.description|markdown:"safe"}}</td>
         <td>{{product.licencetype}}</td>
         <td>{{product.price}}</td>
         <td><a href="{{product.org.url}}" target="_blank">{{product.org.name}}</a></td>
diff --git a/templates/events/archive.html b/templates/events/archive.html
index 1959c65b4c1cffd93dd2fb0e53d97372129d4331..69999c3114884e98f5ec9f7e63ae75169fb88c3f 100644 (file)
--- a/templates/events/archive.html
+++ b/templates/events/archive.html
@@ -29,7 +29,7 @@ whatsoever.</em>
 <div>Location: <strong>{{event.locationstring}}</strong></div>
 {%if event.language%}<div>Language: <strong>{{event.language}}</strong></div>{%endif%}
 <div class="newseventwrap">
-{{event.summary|markdown}}
+{{event.summary|markdown:"safe"}}
 </div>
 {%endfor%}
 {%if not archive%}
diff --git a/templates/events/item.html b/templates/events/item.html
index c4ab8cdeb6b0e3b3acbe20a84f19249146f36c18..3b9f51584108bc38e2208e017f30c01b7bb0b412 100644 (file)
--- a/templates/events/item.html
+++ b/templates/events/item.html
@@ -6,7 +6,7 @@
 <div class="eventdate">Date: <strong>{{obj.displaydate|safe}}</strong></div>
 <div>Location: {{obj.locationstring}}</div>
 {%if obj.language%}<div>Language: {{obj.language}}</div>{%endif%}
-{{obj.details|markdown}}
+{{obj.details|markdown:"safe"}}
 {%if obj.has_organisation%}
 <p>Posted by {{obj.org}}{%if obj.org.email%} ({{obj.org.email}}){%endif%}.</p>
 {%else%}
diff --git a/templates/events/rss_description.html b/templates/events/rss_description.html
index bfeb12fecc81d3e9cb9bbcc843a1382809ed7087..0d58f2cf863fe8381429cbea172ddc7f325bf2d7 100644 (file)
--- a/templates/events/rss_description.html
+++ b/templates/events/rss_description.html
@@ -1,2 +1,2 @@
 {%load markup%}
-{{obj.summary|markdown}}
+{{obj.summary|markdown:"safe"}}
diff --git a/templates/news/item.html b/templates/news/item.html
index 66addc19c859039d50da8c27cd23a80d2c48a4b8..bb5a8e2faec190685a0b19452ad4c7743f8ab737 100644 (file)
--- a/templates/news/item.html
+++ b/templates/news/item.html
@@ -4,7 +4,7 @@
 {%block contents%}
 <h1>{{obj.title}}</h1>
 <div class="newsdate">Posted on <strong>{{obj.displaydate}}</strong>{% if obj.org.name != '_migrated' %} by {{ obj.org.name }}{% endif %}</div>
-{{obj.content|markdown}}
+{{obj.content|markdown:"safe"}}
 {%if obj.is_migrated%}
 <p><em>This post has been migrated from a previous version of the PostgreSQL
 website. We apologise for any formatting issues caused by the migration.</em></p>
diff --git a/templates/news/newsarchive.html b/templates/news/newsarchive.html
index 484ff6b2967b14f1f6b7172633ddf104ee7d5a50..b687c9ddd98f08100b66e15f02386dd489677c62 100644 (file)
--- a/templates/news/newsarchive.html
+++ b/templates/news/newsarchive.html
@@ -11,7 +11,7 @@
 {%for obj in news %}
 <h2 class="news"><a href="/about/news/{{obj.id}}/">{{obj.title}}</a></h2>
 <div class="newsdate">Posted on <strong>{{obj.displaydate}}</strong>{% if obj.org.name != '_migrated' %} by {{ obj.org.name }}{% endif %}</div>
-{{obj.content|markdown|striptags|truncatewords:20}}
+{{obj.content|markdown:"safe"|striptags|truncatewords:20}}
 <p><a href="/about/news/{{obj.id}}/">Read more...</a></p>
 {%endfor%}
 <p><a href="/account/news/new/">Submit news</a></p>
diff --git a/templates/news/rss_description.html b/templates/news/rss_description.html
index 31d7d836f7c56c29896b276ab1c134c4cd471621..e4ac29475540b522eaf922a902116235feb85d60 100644 (file)
--- a/templates/news/rss_description.html
+++ b/templates/news/rss_description.html
@@ -1,2 +1,2 @@
 {%load markup%}
-{{obj.content|markdown}}
+{{obj.content|markdown:"safe"}}
This is the code for the postgresql.org website