summaryrefslogtreecommitdiff
path: root/pgweb/util/markup.py
AgeCommit message (Collapse)Author
2020-11-12Re-do markdown handling for better user experience and securityMagnus Hagander
* Get rid of the django_markwhat dependency, and implement our own classes to get more control. In passing also remove django-markdown, because we never used that. * Instead of trying to clean markdown with regexps, use the bleach library (NEW DEPENDENCY) with special whitelisting of allowed tags based off standard markdown. This means that one can input links or formatting in HTML if one prefers, as long as it renders to the same subset of tags that markdown allows. * Replace javascript based client side preview with an actual call to a preview URL that renders the exact result using the same function, since the use of showdown on the client was increasingly starting to differ from the server, and since that cannot be kept secure the same way. Rewrite the client side javascript to work better with the now longer interval between updates of the preview. Long in planning, but never got around to it. Suggestion to use bleach for escaping from David Fetter.