Thanks for the pointer Jirka - I hadn't managed to find that ticket. Makes sense and, like you, I only have a few trusted users entering text that will be filtered.
On 15 September 2012 19:37, Jirka Vejrazka <jirka.vejra...@gmail.com> wrote: > Hi Phil, > > incidentally, I was looking at this just recently. The > contrib.markup was deprecated mainly due to security issues with 3rd > party libraries that could not be fixed in Django itself and were > compromising its security. For more, read > https://code.djangoproject.com/ticket/18054 > > Can't tell you what the replacement is. I rolled up my own markup > filter, but I only have a handful of trusted users for my web app so I > don't have to be too concerned with trusting their inputs. > > You can copy the markup filter from 1.4 - just be aware of the > security consequences. > > HTH > > Jirka > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > -- http://www.gyford.com/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
