diff options
| -rw-r--r-- | markdown.py | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/markdown.py b/markdown.py index c150b1f..6b7b09f 100644 --- a/markdown.py +++ b/markdown.py @@ -47,7 +47,7 @@ TAB_LENGTH = 4 # expand tabs to this many spaces ENABLE_ATTRIBUTES = True # @id = xyz -> <... id="xyz"> SMART_EMPHASIS = 1 # this_or_that does not become this<i>or</i>that HTML_REMOVED_TEXT = "[HTML_REMOVED]" # text used instead of HTML in safe mode - + # If blank, html will be escaped. RTL_BIDI_RANGES = ( (u'\u0590', u'\u07FF'), # from Hebrew to Nko (includes Arabic, Syriac and Thaana) (u'\u2D30', u'\u2D7F'), @@ -913,13 +913,23 @@ class RawHtmlTextPostprocessor(Postprocessor) : for i in range(self.stash.html_counter) : html, safe = self.stash.rawHtmlBlocks[i] if self.safeMode and not safe: - html = HTML_REMOVED_TEXT + if HTML_REMOVED_TEXT: + html = HTML_REMOVED_TEXT + else: + html = self.escape(html) text = text.replace("<p>%s\n</p>" % (HTML_PLACEHOLDER % i), html + "\n") text = text.replace(HTML_PLACEHOLDER % i, html) return text + def escape(self, html): + ''' Basic html escaping ''' + html = html.replace('&', '&') + html = html.replace('<', '<') + html = html.replace('>', '>') + return html.replace('"', '"') + RAWHTMLTEXTPOSTPROCESSOR = RawHtmlTextPostprocessor() """ |