2009/11/26 mdipierro <mdipie...@cs.depaul.edu>:
> I took a second look.
>
> >>> WIKI('this <b>is</b> a test').xml()
> '<p>this &lt;b&gt;is&lt;/b&gt; a test</p>\n'
> >>> WIKI('this <b>is</b> a test',safe_mode=True).xml()
> '<p>this [HTML_REMOVED]is[HTML_REMOVED] a test</p>\n'
> >>> WIKI('this <b>is</b> a test',safe_mode=False).xml()
> '<p>this <b>is</b> a test</p>\n'
> >>> WIKI('this <script>is</script> a test',safe_mode=False).xml()
> '<p>this <script>is</script> a test</p>\n'
>
>
> It seems safe_mode=False is the way to go but it does not do any
> sanitization either.
> This is a problem with the markdown2 library we use.
>
> For now you can do:
>
> XML(WIKI('this <b>is</b> a test',safe_mode=False),sanitize=True)
>
> until I finish rewriting markdown.

Thanks for your reply. I am only now trying it out with the following
in show_page.html:
{{extend 'layout.html'}}

<h1>{{=page.title}}</h1>
 [ {{=A('edit', _href=URL(r=request, f='edit', args=request.args))}}
 | {{=A('documents', _href=URL(r=request, f='documents', args=request.args))}} ]<br />
 {{import gluon.contrib.markdown}}

  {{=XML(gluon.contrib.markdown.WIKI(page.body,safe_mode=False),sanitize=True)}}
 <h2>Comments</h2>
 {{for comment in comments:}}
   <p>{{=db.auth_user[comment.created_by].first_name}} on {{=comment.created_on}}
           says <I>{{=comment.body}}</i></p>
 {{pass}}
 <h2>Post a comment</h2>
 {{=form}}

And it ends in:


 File "/home/js/web2py/gluon/html.py", line 257, in __init__
    allowed_attributes)
  File "/home/js/web2py/gluon/sanitizer.py", line 190, in sanitize
    allowed_attributes=allowed_attributes).strip(text)
  File "/home/js/web2py/gluon/sanitizer.py", line 150, in strip
    rawstring = rawstring.replace("<%s/>" % tag, "<%s />" % tag)
AttributeError: 'XML' object has no attribute 'replace'


It is not urgent, just inconvenient. Maybe it is my own mistake somewhere.

Regards
Johann
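
An added example, not part of the original thread and not web2py's code: the traceback above shows a sanitizer calling a string method on the wrapper object it was handed. The sketch below reproduces that mismatch with hypothetical stand-ins (`Markup`, `sanitize`, `render_sanitized`, and an assumed tag allowlist) and shows the rendered output being serialized to a string before the allowlist filter runs.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "h1", "h2", "ul", "ol", "li", "code", "pre"}  # assumed allowlist

class Markup:
    """Hypothetical stand-in for a helper that wraps rendered HTML, like the XML object in the traceback."""
    def __init__(self, text):
        self.text = text
    def xml(self):
        return self.text

class _AllowlistFilter(HTMLParser):
    """Keeps allowlisted tags (attributes dropped), escapes every other tag, drops comments."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
    def handle_starttag(self, tag, attrs):
        self.out.append("<%s>" % tag if tag in ALLOWED_TAGS else escape(self.get_starttag_text()))
    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag if tag in ALLOWED_TAGS else escape("</%s>" % tag))
    def handle_data(self, data):
        self.out.append(escape(data, quote=False))
    def handle_entityref(self, name):
        self.out.append("&%s;" % name)
    def handle_charref(self, name):
        self.out.append("&#%s;" % name)

def sanitize(text):
    """String-only sanitizer: it calls str methods on its input, as strip() in the traceback does."""
    text = text.replace("\r\n", "\n")
    f = _AllowlistFilter()
    f.feed(text)
    f.close()
    return "".join(f.out)

def render_sanitized(rendered):
    """Serialize a helper object to its string form first, then sanitize that string."""
    if not isinstance(rendered, str):
        rendered = rendered.xml()
    return sanitize(rendered)

if __name__ == "__main__":
    page = Markup("<p>this <script>is</script> a test</p>\n")  # constructed sample
    try:
        sanitize(page)
    except AttributeError as exc:
        print("wrapper passed directly:", exc)
    print(render_sanitized(page))
```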
