author | Waylan Limberg <waylan@gmail.com> | 2014-09-01 17:30:59 -0400 |
---|---|---|
committer | Waylan Limberg <waylan@gmail.com> | 2014-09-01 17:30:59 -0400 |
commit | 7db56daedf8a6006222f55eeeab748e7789fba89 (patch) | |
tree | e694458265a8d0c5f4a47d4728443611b2cac9f0 /docs/reference.txt | |
parent | 5f941454f9f7c8b62efec24917b2c7ba983d603c (diff) | |
Mark "Safe Mode" as pending deprecation.
Both `safe_mode` and `html_replacement_text` keywords are
pending deprecation, as are positional args. Closes #337.
Diffstat (limited to 'docs/reference.txt')
-rw-r--r-- | docs/reference.txt | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/docs/reference.txt b/docs/reference.txt index e1797ad..2e1985d 100644 --- a/docs/reference.txt +++ b/docs/reference.txt @@ -165,10 +165,20 @@ The following options are available on the `markdown.markdown` function: * __`safe_mode`__{: #safe_mode }: Disallow raw html. - If you are using Markdown on a web system which will transform text - provided by untrusted users, you may want to use the "safe_mode" - option which ensures that the user's HTML tags are either replaced, - removed or escaped. (They can still create links using Markdown syntax.) + !!! warning + "`safe_mode`" is pending deprecation and should not be used. + + HTML sanitizers (like [Bleach]) provide a better solution for + dealing with markdown text submitted by untrusted users. + + import markdown + import bleach + html = bleach.clean(markdown.markdown(untrusted_text)) + + See the [release notes] for more info. + +[Bleach]: https://github.com/jsocol/bleach +[release notes]: release-2.5.html The following values are accepted: 
@@ -200,21 +210,14 @@ The following options are available on the `markdown.markdown` function: "safe_mode" also alters the default value for the [`enable_attributes`](#enable_attributes) option. - !!! seealso "See Also" - HTML sanitizers (like [Bleach]) may provide a better solution for - dealing with markdown text submitted by untrusted users. That way, - both the HTML generated by Markdown and user submited raw HTML are - fully sanitized. - - import markdown - import bleach - html = bleach.clean(markdown.markdown(evil_text)) - -[Bleach]: https://github.com/jsocol/bleach * __`html_replacement_text`__{: #html_replacement_text }: Text used when safe_mode is set to `replace`. Defaults to `[HTML_REMOVED]`. + !!! warning + "`html_replacement_text`" is pending deprecation and should not be used. + See the [release notes] for more info. + * __`tab_length`__{: #tab_length }: Length of tabs in the source. Default: 4 * __`enable_attributes`__{: #enable_attributes}: Enable the conversion of |
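Review bot: In the first hunk (`@@ -165,10 +165,20 @@`), the new `!!! warning` block under `safe_mode` keeps the Bleach example but drops the sentence that explained it. The removed "See Also" text said that sanitizing this way covers both the HTML generated by Markdown and the raw HTML the user submitted. Without that, a reader cannot tell why `bleach.clean` is applied to the result of `markdown.markdown(...)` rather than to the input text. Suggest carrying that sentence over into the warning. A smaller point in the same hunk: the `[Bleach]:` and `[release notes]:` reference definitions now sit between the warning and "The following values are accepted:", in the middle of the `safe_mode` item. Moving them below the option list would keep the item's text contiguous.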
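Review bot: In the second hunk (`@@ -200,21 +210,14 @@`), the unchanged context line at the top still states that "safe_mode" alters the default value of `enable_attributes`, and nothing added here tells a reader who stops using `safe_mode` what happens to that default. Suggest adding a sentence next to that line, or in the `safe_mode` warning, stating whether `enable_attributes` should now be set explicitly when rendering untrusted text and passing the result to a sanitizer. The new `html_replacement_text` warning also refers to `[release notes]`, whose definition lives in the `safe_mode` item in the first hunk, so the two warnings are coupled: if the `safe_mode` section is later removed, this link breaks. Defining the reference once at the end of the file avoids that.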