HTML Code getting removed.

[astikanand]

Whenever any HTML Code is written inside the editor it is being removed as [HTML_REMOVED].
Ideally, this should not happen. Can you please have a look into it.

[agusmakmun]

Because we using safe mode for default configuration:

MARTOR_MARKDOWN_SAFE_MODE = True

This case especially to handle xss injection, looks like <script>location.reload();</script> or etc.

But, you can also see what docs says:

• False - Raw HTML is passed through unaltered.
• "replace" - Replace all HTML blocks with the text assigned to html_replacement_text
• "remove" - All raw HTML will be completely stripped from the text with no warning to the author.
• "escape" - All raw HTML will be escaped and included in the document.

[astikanand]

Very very thanks for the quick response. Regards, Astik Anand

…

On Sat, Mar 17, 2018 at 10:35 PM, agus makmun ***@***.***> wrote: Because we using safe mode for default configuration: MARTOR_MARKDOWN_SAFE_MODE = True This case especially to handle xss injection, looks like <script>location.reload();</script> or etc. But, you can also see what docs says <https://python-markdown.github.io/reference/#safe_mode>: - False - Raw HTML is passed through unaltered. - "replace" - Replace all HTML blocks with the text assigned to html_replacement_text - "remove" - All raw HTML will be completely stripped from the text with no warning to the author. - "escape" - All raw HTML will be escaped and included in the document. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#25 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AIiwTBCk224KUVyZ_W-msJjs_7xdgLBmks5tfUJhgaJpZM4Su0Ou> .

[jdhurwitz]

@agusmakmun, When my field contains HTML as shown below, editing MARTOR_MARKDOWN_SAFE_MODE only gives me the html tags (image attached) formatted in with the text. However, I'd like these tags to be used to actually format the field itself. For example, if there is a
then there should be a line break and the user should not see any of the tags. With django-markdownx, this is supported. Am I doing something wrong here/what should I check?

<p>Since strings internally are converted to <code>uint64</code> for space efficiency on the eos.io blockchain what are the restrictions that need to be followed for:</p>

<ul>
<li>actions</li>
<li>tables</li>
<li>index identifiers (within <code>multi_index</code>'s)</li>
<li>contract names</li>
<li>anything else I've forgotten?</li>
</ul>


[agusmakmun]

@jdhurwitz yes of course, you should change to MARTOR_MARKDOWN_SAFE_MODE = False.

But, as you can see. This is dangerous method.

[jdhurwitz]

@agusmakmun Right, I have done that, but my text shown in the first box appears with the tags, whereas I want it to actually parse the tags and display it formatted.

[agusmakmun]

Simply safe the markdown content as html ouput with loading the templatetags from martor/templatetags/martortags.py.

{% load martortags %}
{{ field_name|safe_markdown }}

# example
{{ post.description|safe_markdown }}

[jdhurwitz]

I'm doing exactly that, and I still get it showing all the tags as shown in the bottom of my first comment on this thread. Here is my HTML:

[uditvashisht]

Hi, is there any way, in which I can add the html too ? e.g. if I want to embed a youtube video in my article or a tweet? It says <HTML_REMOVED>.

[agusmakmun]

@uditvashisht you just need to add the youtube link into editor, don't use <iframe or <embed syntax.

[uditvashisht]

In that case, it's not possible to align that video at the centre. Also what about Twitter threads...

…

Sent from my iPhone

On 04-Apr-2019, at 18:47, agus makmun ***@***.***> wrote: @uditvashisht you just need to add the youtube link into editor, don't use <iframe or <embed syntax. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.