Open GoogleCodeExporter opened 8 years ago
Oops, I forgot at the end:

```python
from markdown import Markdown  # Python-Markdown

def is_safe_link(value):
    # Proposed hook: keep only plain http:// links and in-page anchors.
    return value.startswith('http://') or value.startswith('#')

# is_safe_link is the proposed new argument; safe_mode='replace' already exists.
m = Markdown(safe_mode='replace', is_safe_link=is_safe_link)
>>> m.convert("[evil][evil]\n[evil]: javascript:alert('evil');")
u'<p><a>evil</a></p>\n'
```
The result could be something else like

```python
u'<p>[HTML_REMOVED]evil[HTML_REMOVED]</p>\n'
```
Original comment by he...@precheur.org on 19 Jan 2011 at 12:15
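A hardened version of the proposed `is_safe_link` hook, written here as an added example (it is not the commenter's code and not part of Python-Markdown); `link_html` is an assumed helper that mimics the `replace` behaviour of dropping the `href`, and the sample links are constructed.

```python
import html
import re
from urllib.parse import urlsplit

# Hypothetical implementation of the is_safe_link hook proposed above.
# Schemes that may appear in an href; everything else (javascript:,
# data:, vbscript:, ...) is rejected.
SAFE_SCHEMES = {"http", "https", "mailto"}

# Browsers ignore ASCII control characters and whitespace inside a scheme,
# so strip them before inspecting it (otherwise "java\tscript:" slips by).
_CONTROL_CHARS = re.compile(r"[\x00-\x20\x7f]")


def is_safe_link(value):
    """Return True if value may be emitted as an href."""
    cleaned = _CONTROL_CHARS.sub("", value)
    if cleaned == "":
        return False
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme == "":
        # No scheme at all: a relative path or an in-page "#anchor".
        return True
    return scheme in SAFE_SCHEMES


def link_html(text, href):
    """Render a link; unsafe targets keep the text but lose the href
    (the 'replace' behaviour shown in the comment above)."""
    label = html.escape(text, quote=True)
    if not is_safe_link(href):
        return "<a>%s</a>" % label
    return '<a href="%s">%s</a>' % (html.escape(href, quote=True), label)


if __name__ == "__main__":
    # Constructed sample: the link from the comment plus a few variants.
    for href in ("javascript:alert('evil');", "JaVaScRiPt:alert(1)",
                 "java\tscript:alert(1)", "http://example.com/", "#top"):
        print(repr(href), "->", link_html("evil", href))
```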
Original issue reported on code.google.com by he...@precheur.org on 19 Jan 2011 at 12:10