7 files changed, 30 insertions, 9 deletions

diff --git a/mediagoblin/db/models.py b/mediagoblin/db/models.py
index d77cf619..e034cc29 100644
--- a/mediagoblin/db/models.py
+++ b/mediagoblin/db/models.py
@@ -73,7 +73,8 @@ class MediaEntry(Document):
         'title': unicode,
         'slug': unicode,
         'created': datetime.datetime,
-        'description': unicode,
+        'description': unicode, # May contain markdown/up
+        'description_html': unicode, # May contain plaintext, or HTML
         'media_type': unicode,
         'media_data': dict, # extra data relevant to this media_type
         'plugin_data': dict, # plugins can dump stuff here.
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index c5f0f435..6c16a61e 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -17,11 +17,13 @@
 
 from webob import exc
 
-from mediagoblin.util import render_to_response, redirect
+from mediagoblin.util import render_to_response, redirect, clean_html
 from mediagoblin.edit import forms
 from mediagoblin.edit.lib import may_edit_media
 from mediagoblin.decorators import require_active_login, get_user_media_entry
 
+import markdown
+
 
 @get_user_media_entry
 @require_active_login
@@ -47,7 +49,14 @@ def edit_media(request, media):
                 u'An entry with that slug already exists for this user.')
         else:
             media['title'] = request.POST['title']
-            media['description'] = request.POST['description']
+            media['description'] = request.POST.get('description')
+            
+            md = markdown.Markdown(
+                safe_mode = 'escape')
+            media['description_html'] = clean_html(
+                md.convert(
+                    media['description']))
+
             media['slug'] = request.POST['slug']
             media.save()
 
diff --git a/mediagoblin/submit/views.py b/mediagoblin/submit/views.py
index e9b5c37e..437a5a51 100644
--- a/mediagoblin/submit/views.py
+++ b/mediagoblin/submit/views.py
@@ -19,11 +19,13 @@ from cgi import FieldStorage
 
 from werkzeug.utils import secure_filename
 
-from mediagoblin.util import render_to_response, redirect
+from mediagoblin.util import render_to_response, redirect, clean_html
 from mediagoblin.decorators import require_active_login
 from mediagoblin.submit import forms as submit_forms, security
 from mediagoblin.process_media import process_media_initial
 
+import markdown
+
 
 @require_active_login
 def submit_start(request):
@@ -48,6 +50,13 @@ def submit_start(request):
             entry = request.db.MediaEntry()
             entry['title'] = request.POST['title'] or unicode(splitext(filename)[0])
             entry['description'] = request.POST.get('description')
+            
+            md = markdown.Markdown(
+                safe_mode = 'escape')
+            entry['description_html'] = clean_html(
+                md.convert(
+                    entry['description']))
+            
             entry['media_type'] = u'image' # heh
             entry['uploader'] = request.user['_id']
 
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html
index 200f13cd..44bc38b8 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/media.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media.html
@@ -25,7 +25,9 @@
     </h1>
     <img class="media_image" src="{{ request.app.public_store.file_url(
                   media.media_files.main) }}" />
-    <p>{{ media.description }}</p>
+    {% autoescape False %}
+    <p>{{ media.description_html }}</p>
+    {% endautoescape %}
     <p>Uploaded on
     {{ "%4d-%02d-%02d"|format(media.created.year,
                               media.created.month, media.created.day) }}
diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py
index 88b5dfe5..d6cd6034 100644
--- a/mediagoblin/user_pages/views.py
+++ b/mediagoblin/user_pages/views.py
@@ -108,10 +108,10 @@ def atom_feed(request):
     feed = AtomFeed(request.matchdict['user'],
                feed_url=request.url,
                url=request.host_url)
-            
+    
     for entry in cursor:
         feed.add(entry.get('title'),
-            entry.get('description'),
+            entry.get('description_html'),
             content_type='html',
             author=request.matchdict['user'],
             updated=entry.get('created'),
diff --git a/mediagoblin/util.py b/mediagoblin/util.py
index 349bc027..4d625728 100644
--- a/mediagoblin/util.py
+++ b/mediagoblin/util.py
@@ -33,7 +33,6 @@ from lxml.html.clean import Cleaner
 from mediagoblin import mg_globals
 from mediagoblin.db.util import ObjectId
 
-
 TESTS_ENABLED = False
 def _activate_testing():
     """
@@ -98,7 +97,7 @@ def get_jinja_env(template_loader, locale):
 
     template_env = jinja2.Environment(
         loader=template_loader, autoescape=True,
-        extensions=['jinja2.ext.i18n'])
+        extensions=['jinja2.ext.i18n', 'jinja2.ext.autoescape'])
 
     template_env.install_gettext_callables(
         mg_globals.translations.gettext,
diff --git a/setup.py b/setup.py
index cd0e7f0b..2a007f4e 100644
--- a/setup.py
+++ b/setup.py
@@ -43,6 +43,7 @@ setup(
         'argparse',
         'webtest',
         'ConfigObj',
+        'Markdown',
         ## For now we're expecting that users will install this from
         ## their package managers.
         # 'lxml',