author: Waylan Limberg <waylan@gmail.com> 2012-05-04 15:56:15 +0000
committer: Waylan Limberg <waylan@gmail.com> 2012-05-04 15:56:15 +0000
commit: 803a98283b64a469f453f6f01de0dae67b3f35ee
tree: 29be98717adb4e78016224455829a0f7839c1901 /docs/reference.txt
parent: 19f459a2a3089e18caff88c6a65c1b58fbf9d3a6
parent: 6cf7e40cf40b52006d45c4f0cd57f88ae35f8f20
Merge branch 'master' of github.com:waylan/Python-Markdown
Diffstat (limited to 'docs/reference.txt')
-rw-r--r-- docs/reference.txt 13
1 files changed, 9 insertions, 4 deletions
diff --git a/docs/reference.txt b/docs/reference.txt
index 603200b..c438dea 100644
--- a/docs/reference.txt
+++ b/docs/reference.txt
@@ -136,9 +136,8 @@ The following options are available on the `markdown.markdown` function:
<p>Foo &lt;b&gt;bar&lt;/b&gt;.</p>
- Note that "safe_mode" does not alter the `enable_attributes` option, which
- could allow someone to inject javascript (i.e., `{@onclick=alert(1)}`). You
- may also want to set `enable_attributes=False` when using "safe_mode".
+ Note that "safe_mode" also alters the default value for the
+ [`enable_attributes`](#enable_attributes) option.
* __`html_replacement_text`__{: #html_replacement_text }: Text used when
safe_mode is set to `replace`. Defaults to `[HTML_REMOVED]`.
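Review bot: The replacement note under `safe_mode` says the option "also alters the default value" for `enable_attributes` but not to what value or why, so a reader of this entry alone no longer learns that attributes are a script-injection vector. The removed text carried both the reason and a concrete case (`{@onclick=alert(1)}`). Suggest keeping one clause of that here, for example: "safe_mode" also changes the default of `enable_attributes` to `False`, because attribute syntax such as `{@onclick=alert(1)}` would otherwise let untrusted input add event handlers.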
@@ -146,7 +145,13 @@ The following options are available on the `markdown.markdown` function:
* __`tab_length`__{: #tab_length }: Length of tabs in the source. Default: 4
* __`enable_attributes`__{: #enable_attributes}: Enable the conversion of
- attributes. Default: True
+ attributes. Defaults to `True`, unless [`safe_mode`](#safe_mode) is enabled,
+ in which case the default is `False`.
+
+ Note that `safe_mode` only overrides the default. If `enable_attributes`
+ is explicitly set, the explicit value is used regardless of `safe_mode`.
+ However, this could potentially allow an untrusted user to inject
+ JavaScript into your documents.
* __`smart_emphasis`__{: #smart_emphasis }: Treat `_connected_words_`
intelligently Default: True
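Review bot: In the added note under `enable_attributes`, "However, this could potentially allow an untrusted user to inject JavaScript" leaves "this" ambiguous: the preceding sentence covers any explicit value, but only an explicit `True` combined with `safe_mode` reopens the hole. Suggest naming the risky combination directly, for example "Setting `enable_attributes=True` while `safe_mode` is enabled allows an untrusted user to inject JavaScript through attributes", and dropping "could potentially", since the earlier wording in this file already showed a working `onclick` case. With that example removed in the first hunk, nothing in the reference now says how the injection happens, so a short pointer to the attribute syntax would help here.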