mirror of
https://github.com/postgres/pgweb.git
synced 2025-08-03 15:38:59 +00:00
ea9becd746
* Get rid of the django_markwhat dependency, and implement our own classes to get more control. In passing also remove django-markdown, because we never used that. * Instead of trying to clean markdown with regexps, use the bleach library (NEW DEPENDENCY) with special whitelisting of allowed tags based off standard markdown. This means that one can input links or formatting in HTML if one prefers, as long as it renders to the same subset of tags that markdown allows. * Replace javascript based client side preview with an actual call to a preview URL that renders the exact result using the same function, since the use of showdown on the client was increasingly starting to differ from the server, and since that cannot be kept secure the same way. Rewrite the client side javascript to work better with the now longer interval between updates of the preview. Long in planning, but never got around to it. Suggestion to use bleach for escaping from David Fetter.
31 lines
771 B
JavaScript
31 lines
771 B
JavaScript
$(document).ready(function(){
|
|
$('textarea.markdown-content').each(function(idx, e) {
|
|
attach_markdown_preview(e.id, 0);
|
|
});
|
|
|
|
$('input.toggle-checkbox').each(function(idx, e) {
|
|
$(this).change(function(e) {
|
|
update_form_toggles($(this));
|
|
});
|
|
update_form_toggles($(e));
|
|
});
|
|
|
|
});
|
|
|
|
function update_form_toggles(e) {
|
|
var toggles = e.data('toggles').split(',');
|
|
var invert = e.data('toggle-invert');
|
|
var show = e.is(':checked');
|
|
if (invert) {
|
|
show = !show;
|
|
}
|
|
$.each(toggles, function(i, name) {
|
|
var e = $('#id_' + name);
|
|
if (show) {
|
|
$(e).parents('div.form-group').show();
|
|
} else {
|
|
$(e).parents('div.form-group').hide();
|
|
}
|
|
});
|
|
}
|