[1.3.X] Fixed #17837. Improved markdown safety.

Markdown enable_attributes is now False when safe_mode is enabled. Documented the markdown "safe" argument. Added warnings when the safe argument is passed to versions of markdown which cannot be made safe. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17734 bcc190cf-cafb-0310-a4f2-bffc1f526a37
author: Paul McMillan <Paul@McMillan.ws> 2012-03-14 18:51:20 +0000
committer: Paul McMillan <Paul@McMillan.ws> 2012-03-14 18:51:20 +0000
commit: 1f924cf72d76466a359371267c448d19c4e1352a (patch)
tree: fb3ed5ce793b60e523d204473762b1edf8d891dd /docs
parent: d498033818d2e1b395e303003536462c8690e96e (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/docs/ref/contrib/markup.txt b/docs/ref/contrib/markup.txt
index 7f43810674..09cb080221 100644
--- a/docs/ref/contrib/markup.txt
+++ b/docs/ref/contrib/markup.txt
@@ -47,3 +47,19 @@ override the default writer settings. See the `restructuredtext writer
 settings`_ for details on what these settings are.
 
 .. _restructuredtext writer settings: http://docutils.sourceforge.net/docs/user/config.html#html4css1-writer
+
+Markdown
+--------
+
+The Python Markdown library supports options named "safe_mode" and
+"enable_attributes". Both relate to the security of the output. To enable both
+options in tandem, the markdown filter supports the "safe" argument.
+
+    {{ markdown_content_var|markdown:"safe" }}
+
+.. warning::
+
+    Versions of the Python-Markdown library prior to 2.1 do not support the
+    optional disabling of attributes and by default they will be included in
+    any output from the markdown filter - a warning is issued if this is the
+    case.
author	Paul McMillan <Paul@McMillan.ws>	2012-03-14 18:51:20 +0000
committer	Paul McMillan <Paul@McMillan.ws>	2012-03-14 18:51:20 +0000
commit	1f924cf72d76466a359371267c448d19c4e1352a (patch)
tree	fb3ed5ce793b60e523d204473762b1edf8d891dd /docs
parent	d498033818d2e1b395e303003536462c8690e96e (diff)