aboutsummaryrefslogtreecommitdiffstats
path: root/docs/reference.txt
diff options
context:
space:
mode:
Diffstat (limited to 'docs/reference.txt')
-rw-r--r--docs/reference.txt33
1 files changed, 18 insertions, 15 deletions
diff --git a/docs/reference.txt b/docs/reference.txt
index e1797ad..2e1985d 100644
--- a/docs/reference.txt
+++ b/docs/reference.txt
@@ -165,10 +165,20 @@ The following options are available on the `markdown.markdown` function:
* __`safe_mode`__{: #safe_mode }: Disallow raw html.
- If you are using Markdown on a web system which will transform text
- provided by untrusted users, you may want to use the "safe_mode"
- option which ensures that the user's HTML tags are either replaced,
- removed or escaped. (They can still create links using Markdown syntax.)
+ !!! warning
+ "`safe_mode`" is pending deprecation and should not be used.
+
+ HTML sanitizers (like [Bleach]) provide a better solution for
+ dealing with markdown text submitted by untrusted users.
+
+ import markdown
+ import bleach
+ html = bleach.clean(markdown.markdown(untrusted_text))
+
+ See the [release notes] for more info.
+
+[Bleach]: https://github.com/jsocol/bleach
+[release notes]: release-2.5.html
The following values are accepted:
@@ -200,21 +210,14 @@ The following options are available on the `markdown.markdown` function:
"safe_mode" also alters the default value for the
[`enable_attributes`](#enable_attributes) option.
- !!! seealso "See Also"
- HTML sanitizers (like [Bleach]) may provide a better solution for
- dealing with markdown text submitted by untrusted users. That way,
- both the HTML generated by Markdown and user submited raw HTML are
- fully sanitized.
-
- import markdown
- import bleach
- html = bleach.clean(markdown.markdown(evil_text))
-
-[Bleach]: https://github.com/jsocol/bleach
* __`html_replacement_text`__{: #html_replacement_text }: Text used when
safe_mode is set to `replace`. Defaults to `[HTML_REMOVED]`.
+ !!! warning
+ "`html_replacement_text`" is pending deprecation and should not be used.
+ See the [release notes] for more info.
+
* __`tab_length`__{: #tab_length }: Length of tabs in the source. Default: 4
* __`enable_attributes`__{: #enable_attributes}: Enable the conversion of