HTML in markdown? #1747

Closed
tobes opened this issue Jun 6, 2014 · 4 comments

Comments

@tobes
Contributor

tobes commented Jun 6, 2014

There was some talk about allowing html in markdown rendering. This is of course a bit of a risk. A patch like the following (mainly improved docstring) would allow this via h.markdown(data, allow_html=true) in a template. This would help for example the pages extension where only 'responsible' people can create content. Maybe even have it as a config option for that extension that defaults to false.

diff --git a/ckan/lib/helpers.py b/ckan/lib/helpers.py
index b82a593..0e9ff6a 100644
--- a/ckan/lib/helpers.py
+++ b/ckan/lib/helpers.py
@@ -1527,12 +1527,22 @@ def html_auto_link(data):
     return data


-def render_markdown(data, auto_link=True):
-    ''' returns the data as rendered markdown '''
+def render_markdown(data, auto_link=True, allow_html=False):
+    ''' Returns the data as rendered markdown
+
+    :param auto_link: Should ckan specific links be created e.g. `group:<id>`
+    :type auto_link: bool
+    :param allow_html: If True then html entities in the markdown data are kept
+        This is dangerous if users have added malicious content.
+        If False all html tags are removed.
+    :type allow_html: bool
+    '''
     if not data:
         return ''
-    data = RE_MD_HTML_TAGS.sub('', data.strip())
-    data = markdown(data, safe_mode=True)
+    if not allow_html:
+        data = RE_MD_HTML_TAGS.sub('', data.strip())
+        data = markdown(data, safe_mode=False)
     # tags can be added by tag:... or tag:"...." and a link will be made
     # from it
     if auto_link:
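
Review bot: in the new body, `data = markdown(data, safe_mode=False)` sits inside the `if not allow_html:` block, so with `allow_html=True` the markdown is never rendered (and `data.strip()` is skipped), while the default path now runs with safe mode off and relies only on `RE_MD_HTML_TAGS` to remove tags. Suggest dedenting the `markdown(...)` call so it runs on both paths, and keeping `safe_mode=True` unless `allow_html` is set, so the default behaviour stays the same for existing callers. The docstring says "html entities" where it means HTML tags, and because the `allow_html=True` output is raw user-supplied HTML it should state that callers must limit it to trusted authors or sanitise the result. A test covering both values of `allow_html` would pin this down.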

If this seems acceptable I'll create a pull request

@davidread
Contributor

Remember a test. I'm not sure it is right to have safe_mode=False

@tobes
Contributor Author

tobes commented Jun 10, 2014

If we don't have that then html tags are stripped by the markdown builder.

@tobes
Contributor Author

tobes commented Jun 10, 2014

I'll clean it up anyway

tobes added a commit to tobes/ckan that referenced this issue Jun 16, 2014
nigelbabu added a commit that referenced this issue Jul 1, 2014
@amercader
Member

Fixed in #1747
