-rw-r--r--news/views.py2
-rw-r--r--templates/feeds/news_description.html2
-rw-r--r--templates/news/view.html2
-rw-r--r--templates/public/index.html4
4 files changed, 5 insertions, 5 deletions
diff --git a/news/views.py b/news/views.py
index 03f3b0ac..c0230f1e 100644
--- a/news/views.py
+++ b/news/views.py
@@ -76,7 +76,7 @@ def view_redirect(request, object_id):
@require_POST
def preview(request):
data = request.POST.get('data', '')
- markup = markdown.markdown(data)
+ markup = markdown.markdown(data, safe_mode=True)
return HttpResponse(markup)
# vim: set ts=4 sw=4 et:
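Review bot: The `safe_mode=True` argument on the `markdown.markdown(data, ...)` call is the only control between the POSTed `data` and the HTML body returned by `preview`, and nothing in the change pins that behaviour. Python-Markdown deprecated `safe_mode` during the 2.x series and removed it in 3.0, recommending that rendered output go through a dedicated HTML sanitizer instead; whether a newer release rejects or quietly ignores the keyword should be verified before any upgrade. A regression test would catch a silent loss of filtering, for example `assert '<script' not in markdown.markdown('<script>x</script>', safe_mode=True)`, alongside a comment on the call such as `# safe_mode replaces raw HTML; keep in sync with the |markdown:'safe' template filter`. The response uses HttpResponse's default HTML content type, so this filter alone decides whether submitted markup is interpreted by the browser.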
diff --git a/templates/feeds/news_description.html b/templates/feeds/news_description.html
index e75d0af7..77830367 100644
--- a/templates/feeds/news_description.html
+++ b/templates/feeds/news_description.html
@@ -1,3 +1,3 @@
{% load markup %}
<p>{{obj.author.get_full_name}} wrote:</p>
-{{ obj.content|markdown }} \ No newline at end of file
+{{ obj.content|markdown:'safe' }}
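Review bot: The `'safe'` argument has to be repeated at every `|markdown` call site, here and in the hunks for templates/news/view.html and templates/public/index.html (twice), so a template added later with a bare `|markdown` would again pass raw HTML in `content` through to the output. Consider a single project-level filter that always renders in safe mode so the templates cannot diverge, or at least a template comment such as `{# keep 'safe': raw HTML in content must not reach the page #}`. As far as I can tell the filter's safe mode replaces raw HTML with placeholder text rather than escaping it, so existing news items that contain intentional inline HTML should be checked after this is deployed. Judging by its path, this template renders the feed description, so the same output would also be consumed by feed readers outside the site.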
diff --git a/templates/news/view.html b/templates/news/view.html
index 445f0398..b6c06b28 100644
--- a/templates/news/view.html
+++ b/templates/news/view.html
@@ -28,6 +28,6 @@
<p class="article-info">{{ news.postdate|date }} - {{ news.author.get_full_name }}</p>
- <div class="article-content" itemprop="articleBody">{{ news.content|markdown }}</div>
+ <div class="article-content" itemprop="articleBody">{{ news.content|markdown:'safe' }}</div>
</div>
{% endblock %}
diff --git a/templates/public/index.html b/templates/public/index.html
index 000a527b..762433a4 100644
--- a/templates/public/index.html
+++ b/templates/public/index.html
@@ -53,8 +53,8 @@
</h4>
<p class="timestamp">{{ news.postdate|date }}</p>
<div class="article-content">
- {% if forloop.counter0 == 0 %}{{ news.content|markdown|truncatewords_html:300 }}
- {% else %}{{ news.content|markdown|truncatewords_html:100 }}{% endif %}
+ {% if forloop.counter0 == 0 %}{{ news.content|markdown:'safe'|truncatewords_html:300 }}
+ {% else %}{{ news.content|markdown:'safe'|truncatewords_html:100 }}{% endif %}
</div>
{% else %}
{% if forloop.counter0 == 5 %}