diff options
author | Waylan Limberg <waylan@gmail.com> | 2012-05-03 16:12:42 -0300 |
---|---|---|
committer | Waylan Limberg <waylan@gmail.com> | 2012-05-03 16:12:42 -0300 |
commit | 6cf7e40cf40b52006d45c4f0cd57f88ae35f8f20 (patch) | |
tree | cd3a079b3f61cdacf607e6cefaa42cc54bb69628 /docs | |
parent | c64c19676e14f3177b3d0e7e0532c24d48958ec8 (diff) | |
download | markdown-6cf7e40cf40b52006d45c4f0cd57f88ae35f8f20.tar.gz markdown-6cf7e40cf40b52006d45c4f0cd57f88ae35f8f20.tar.bz2 markdown-6cf7e40cf40b52006d45c4f0cd57f88ae35f8f20.zip |
Updated docs to reflect fix in #82.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/reference.txt | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/docs/reference.txt b/docs/reference.txt index 603200b..c438dea 100644 --- a/docs/reference.txt +++ b/docs/reference.txt @@ -136,9 +136,8 @@ The following options are available on the `markdown.markdown` function: <p>Foo <b>bar</b>.</p> - Note that "safe_mode" does not alter the `enable_attributes` option, which - could allow someone to inject javascript (i.e., `{@onclick=alert(1)}`). You - may also want to set `enable_attributes=False` when using "safe_mode". + Note that "safe_mode" also alters the default value for the + [`enable_attributes`](#enable_attributes) option. * __`html_replacement_text`__{: #html_replacement_text }: Text used when safe_mode is set to `replace`. Defaults to `[HTML_REMOVED]`. @@ -146,7 +145,13 @@ The following options are available on the `markdown.markdown` function: * __`tab_length`__{: #tab_length }: Length of tabs in the source. Default: 4 * __`enable_attributes`__{: #enable_attributes}: Enable the conversion of - attributes. Default: True + attributes. Defaults to `True`, unless [`safe_mode`](#safe_mode) is enabled, + in which case the default is `False`. + + Note that `safe_mode` only overrides the default. If `enable_attributes` + is explicitly set, the explicit value is used regardless of `safe_mode`. + However, this could potentially allow an untrusted user to inject + JavaScript into your documents. * __`smart_emphasis`__{: #smart_emphasis }: Treat `_connected_words_` intelligently Default: True |