Browse Source

escape() and bleach.clean() are disabled... sanitizing does not render the html at all anymore...

pull/30/head
manetta 3 years ago
parent
commit
de8027f68a
  1. 2
      octomode.py
  2. 2
      templates/pagedjs.html
  3. 2
      templates/preview.html

2
octomode.py

@ -80,7 +80,7 @@ def md_to_html(md_pad_content):
# html = bleach.clean(html) # html = bleach.clean(html)
# Another built-in Flask way to sanitize # Another built-in Flask way to sanitize
html = escape(html) # html = escape(html)
html = Markup(html) html = Markup(html)
return html return html

2
templates/pagedjs.html

@ -15,7 +15,7 @@
</section> </section>
<section id="main"> <section id="main">
<div id="wrapper">{{ pad_content | safe }}</div> <div id="wrapper">{{ pad_content }}</div>
</section> </section>
</body> </body>
</html> </html>

2
templates/preview.html

@ -13,7 +13,7 @@
</section> </section>
<section id="main"> <section id="main">
<div id="wrapper">{{ pad_content | safe }}</div> <div id="wrapper">{{ pad_content }}</div>
</section> </section>
</body> </body>
</html> </html>

Loading…
Cancel
Save