author | Waylan Limberg <waylan@gmail.com> | 2011-03-09 22:53:10 -0500 |
---|---|---|
committer | Waylan Limberg <waylan@gmail.com> | 2011-03-09 22:53:10 -0500 |
commit | 80aa9a2d52f2fcbffd6e15d208b8ead5886900b1 (patch) | |
tree | 4df551a6e1d994e4529ad8a68df49b73ff64c026 | |
parent | d6e2585772d5c1bcd04b9b30f8aa7220d45af486 (diff) | |
Documented concern raised in Ticket 85. Added a warning that enabling safe_mode does not turn off attributes, so they should be turned off separately.
-rw-r--r-- | docs/using_as_module.txt | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/using_as_module.txt b/docs/using_as_module.txt index 9031c4e..7c9008d 100644 --- a/docs/using_as_module.txt +++ b/docs/using_as_module.txt @@ -54,6 +54,10 @@ You should also use this method if you want to process multiple strings: html1 = md.convert(text1) html2 = md.convert(text2) +Any options accepted by the `Markdown` class are also accepted by the +`markdown` shortcut function. However, a new instant of the class will be +created each time the shortcut function is called. + Working with Files ------------------ @@ -122,6 +126,10 @@ still create links using Markdown syntax.) * To escape HTML, set ``safe_mode="escape"``. The HTML will be escaped and included in the document. +Note that "safe_mode" does not alter the "enable_attributes" option, which +could allow someone to inject javascript (i.e., `{@onclick=alert(1)}`). You +may also want to set `enable_attributes=False` when using "safe_mode". + Output Formats -------------- |
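Review bot: In the paragraph added after the md.convert example (hunk at -54,6 +54,10), "a new instant of the class" should read "a new instance of the class". Since the context line just above tells readers to use this method to process multiple strings, the new paragraph could say outright that reusing one Markdown instance avoids the per-call instance creation of the shortcut function. This hunk is also unrelated to the safe_mode warning and is not mentioned in the commit message, so either the message should cover it or it belongs in its own commit.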
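Review bot: The warning added after the safe_mode="escape" bullet (hunk at -122,6 +126,10) is worded too softly: "You may also want to set `enable_attributes=False`" reads as optional, while the same sentence says the option could allow someone to inject javascript. Suggest stating directly that safe_mode alone leaves attributes enabled and that enable_attributes=False should be set together with it. Two smaller points in the same lines: "i.e." introduces an example here, so it should be "e.g."; and the new text uses single backticks and plain quotes ("safe_mode", "enable_attributes") while the bullet immediately above uses double-backtick literals (``safe_mode="escape"``), so the markup should follow that convention.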