author | Joar Wandborg <git@wandborg.com> | 2011-06-15 23:07:54 +0200 |
---|---|---|
committer | Joar Wandborg <git@wandborg.com> | 2011-06-15 23:07:54 +0200 |
commit | 44e51d3464e719e596e1480b7af2957742a9085b (patch) | |
tree | 0b5809274b32bde08403b212e55d2fec55ce2929 | |
parent | 9e883ed3b223311e3325e41e75dec7ee82875ac2 (diff) | |
Made changes according to http://bugs.foocorp.net/issues/363#note-5
-rw-r--r-- | mediagoblin/edit/views.py | 10 | ||||
-rw-r--r-- | mediagoblin/submit/views.py | 10 |
2 files changed, 12 insertions, 8 deletions
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 2bc53a54..6c16a61e 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -17,11 +17,13 @@ from webob import exc -from mediagoblin.util import render_to_response, redirect +from mediagoblin.util import render_to_response, redirect, clean_html from mediagoblin.edit import forms from mediagoblin.edit.lib import may_edit_media from mediagoblin.decorators import require_active_login, get_user_media_entry +import markdown + @get_user_media_entry @require_active_login @@ -49,11 +51,11 @@ def edit_media(request, media): media['title'] = request.POST['title'] media['description'] = request.POST.get('description') - import markdown md = markdown.Markdown( safe_mode = 'escape') - media['description_html'] = md.convert( - media['description']) + media['description_html'] = clean_html( + md.convert( + media['description'])) media['slug'] = request.POST['slug'] media.save() diff --git a/mediagoblin/submit/views.py b/mediagoblin/submit/views.py index 21562e6f..437a5a51 100644 --- a/mediagoblin/submit/views.py +++ b/mediagoblin/submit/views.py @@ -19,11 +19,13 @@ from cgi import FieldStorage from werkzeug.utils import secure_filename -from mediagoblin.util import render_to_response, redirect +from mediagoblin.util import render_to_response, redirect, clean_html from mediagoblin.decorators import require_active_login from mediagoblin.submit import forms as submit_forms, security from mediagoblin.process_media import process_media_initial +import markdown + @require_active_login def submit_start(request): 
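Review bot: In `edit_media`, `request.POST.get('description')` returns `None` when the field is absent, and that value now flows straight into `md.convert(...)` and on into `clean_html(...)`, which will most likely raise instead of storing an empty description. Defaulting at the read, `media['description'] = request.POST.get('description') or u''`, keeps the render-and-sanitise step total for every request. The same applies to `entry['description']` in the `submit_start` hunk of mediagoblin/submit/views.py. Both function bodies continue outside their hunks, so form validation earlier in the view may already guarantee the field; that is worth confirming before relying on it.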
@@ -49,11 +51,11 @@ def submit_start(request): entry['title'] = request.POST['title'] or unicode(splitext(filename)[0]) entry['description'] = request.POST.get('description') - import markdown md = markdown.Markdown( safe_mode = 'escape') - entry['description_html'] = md.convert( - entry['description']) + entry['description_html'] = clean_html( + md.convert( + entry['description'])) entry['media_type'] = u'image' # heh entry['uploader'] = request.user['_id'] |
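Review bot: The render-then-sanitise sequence in `submit_start` (a fresh `markdown.Markdown(safe_mode = 'escape')` followed by `clean_html(md.convert(...))`) is duplicated verbatim from `edit_media`, so every future view that writes `description_html` has to remember the sanitising call. Since the stored HTML is presumably emitted unescaped by the templates, a single helper next to `clean_html` in `mediagoblin.util`, e.g. `def cleaned_markdown(text): return clean_html(markdown.Markdown(safe_mode='escape').convert(text))`, would make the sanitised path the only path. It would also give one place for a unit test asserting that script elements and event-handler attributes do not survive, which matters because `clean_html`'s allow-list is not visible in this diff. Descriptions saved before this commit keep whatever `description_html` was stored at the time, so a one-off re-render of existing entries may be needed.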