From: <way...@ic...> - 2017-05-24 12:25:11
If you need to filter input from an untrusted source, then you should not filter the Markdown input, but the HTML output instead. For a detailed explanation of why, see this article:

https://michelf.ca/blog/2010/markdown-and-xss/

In Python I recommend Bleach with this whitelist as a good starting place:

https://github.com/yourcelf/bleach-whitelist
https://github.com/mozilla/bleach

Waylan

On May 24, 2017, 7:59 AM -0400, nusenu <nus...@ri...>, wrote:
>
> way...@ic...:
> > No, I am not aware of any such function. I've never seen one (that I
> > recall) and never had a need or request for one either.
>
> Is no one using untrusted input in their markdown files?
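
The approach recommended in this message (render the Markdown first, then sanitize the resulting HTML), as an added example that is not part of the original post. The function name `render_untrusted`, the allowlist and the sample input are constructed for illustration; the bleach-whitelist project linked above publishes a fuller allowlist.

```python
import bleach
import markdown

# Constructed allowlist (assumption): only what ordinary Markdown output needs.
ALLOWED_TAGS = {
    "p", "em", "strong", "a", "code", "pre", "blockquote",
    "ul", "ol", "li", "h1", "h2", "h3",
}
ALLOWED_ATTRS = {"a": ["href", "title"]}
ALLOWED_PROTOCOLS = {"http", "https", "mailto"}


def render_untrusted(md_source: str) -> str:
    """Render untrusted Markdown, then sanitize the HTML that comes out.

    The Markdown source is deliberately not filtered: the second sample
    paragraph below contains no HTML at all, yet renders to an anchor with a
    script URL, so a filter that inspects the input for tags would pass it.
    """
    raw_html = markdown.markdown(md_source)
    return bleach.clean(
        raw_html,
        tags=ALLOWED_TAGS,
        attributes=ALLOWED_ATTRS,
        protocols=ALLOWED_PROTOCOLS,
        strip=True,  # drop disallowed tags instead of escaping them
    )


# Constructed sample input: benign formatting, a script-scheme link written
# in pure Markdown syntax, and raw HTML with an event-handler attribute.
SAMPLE = (
    "Some **bold** text and a [safe link](https://example.com/).\n\n"
    "[click](javascript:window.x=1)\n\n"
    '<img src="x" onerror="window.x=1">\n'
)

if __name__ == "__main__":
    print("unsanitized:", markdown.markdown(SAMPLE))
    print("sanitized:  ", render_untrusted(SAMPLE))
```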