Re-enable markdown safe mode

This was removed when django removed support for it, but we then switched markdown library and didn't re-enable it. Since all content is moderated it's not so bad (per previous commit message), but better safe than sorry.
2025-07-23 00:47:10 +00:00 · 2018-11-17 19:56:10 +01:00
parent 82a616d0df
commit 61fccea6b0
7 changed files with 7 additions and 7 deletions
--- a/templates/downloads/productlist.html
+++ b/templates/downloads/productlist.html
@ -22,7 +22,7 @@
    </thead>
    <tbody>
      <tr>
-      	<td>{{product.description|markdown}}</td>
+      	<td>{{product.description|markdown:"safe"}}</td>
        <td>{{product.licencetype}}</td>
        <td>{{product.price}}</td>
        <td><a href="{{product.org.url}}" target="_blank">{{product.org.name}}</a></td>
--- a/templates/events/archive.html
+++ b/templates/events/archive.html
@ -29,7 +29,7 @@ whatsoever.</em>
 <div>Location: <strong>{{event.locationstring}}</strong></div>
 {%if event.language%}<div>Language: <strong>{{event.language}}</strong></div>{%endif%}
 <div class="newseventwrap">
-{{event.summary|markdown}}
+{{event.summary|markdown:"safe"}}
 </div>
 {%endfor%}
 {%if not archive%}
--- a/templates/events/item.html
+++ b/templates/events/item.html
@ -6,7 +6,7 @@
 <div class="eventdate">Date: <strong>{{obj.displaydate|safe}}</strong></div>
 <div>Location: {{obj.locationstring}}</div>
 {%if obj.language%}<div>Language: {{obj.language}}</div>{%endif%}
-{{obj.details|markdown}}
+{{obj.details|markdown:"safe"}}
 {%if obj.has_organisation%}
 <p>Posted by {{obj.org}}{%if obj.org.email%} ({{obj.org.email}}){%endif%}.</p>
 {%else%}
--- a/templates/events/rss_description.html
+++ b/templates/events/rss_description.html
@ -1,2 +1,2 @@
 {%load markup%}
-{{obj.summary|markdown}}
+{{obj.summary|markdown:"safe"}}
--- a/templates/news/item.html
+++ b/templates/news/item.html
@ -4,7 +4,7 @@
 {%block contents%}
 <h1>{{obj.title}}</h1>
 <div class="newsdate">Posted on <strong>{{obj.displaydate}}</strong>{% if obj.org.name != '_migrated' %} by {{ obj.org.name }}{% endif %}</div>
-{{obj.content|markdown}}
+{{obj.content|markdown:"safe"}}
 {%if obj.is_migrated%}
 <p><em>This post has been migrated from a previous version of the PostgreSQL
 website. We apologise for any formatting issues caused by the migration.</em></p>
--- a/templates/news/newsarchive.html
+++ b/templates/news/newsarchive.html
@ -11,7 +11,7 @@
 {%for obj in news %}
 <h2 class="news"><a href="/about/news/{{obj.id}}/">{{obj.title}}</a></h2>
 <div class="newsdate">Posted on <strong>{{obj.displaydate}}</strong>{% if obj.org.name != '_migrated' %} by {{ obj.org.name }}{% endif %}</div>
-{{obj.content|markdown|striptags|truncatewords:20}}
+{{obj.content|markdown:"safe"|striptags|truncatewords:20}}
 <p><a href="/about/news/{{obj.id}}/">Read more...</a></p>
 {%endfor%}
 <p><a href="/account/news/new/">Submit news</a></p>
--- a/templates/news/rss_description.html
+++ b/templates/news/rss_description.html
@ -1,2 +1,2 @@
 {%load markup%}
-{{obj.content|markdown}}
+{{obj.content|markdown:"safe"}}