From 0b97d52351fc2bdcae16f1a1e7c56afd4ed476ad Mon Sep 17 00:00:00 2001
From: Dan McGee <dan@archlinux.org>
Date: Fri, 26 Oct 2012 16:49:58 -0500
Subject: Enable safe mode for markdown parsing

Although we don't allow unauthenticated users to post content, we should
still cover our bases here and ensure people can't inject stuff into the
production website via an inadvertent XSS.

Signed-off-by: Dan McGee <dan@archlinux.org>
---
 templates/feeds/news_description.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'templates/feeds')

diff --git a/templates/feeds/news_description.html b/templates/feeds/news_description.html
index e75d0af7..77830367 100644
--- a/templates/feeds/news_description.html
+++ b/templates/feeds/news_description.html
@@ -1,3 +1,3 @@
 {% load markup %}
 <p>{{obj.author.get_full_name}} wrote:</p>
-{{ obj.content|markdown }}
\ No newline at end of file
+{{ obj.content|markdown:'safe' }}
-- 
cgit v1.2.3-2-g168b


From 62bb3db8ada68a22c7a58f32b2e6bed63f19e53c Mon Sep 17 00:00:00 2001
From: Dan McGee <dan@archlinux.org>
Date: Fri, 26 Oct 2012 17:36:12 -0500
Subject: Remove usages of 'django.contrib.markup'

Switch to the news model being able to spit out the HTML version of the
content, and don't use the markup contrib module. This is deprecated as
of Django 1.5 so we can move off it now to save trouble down the road
when it is fully removed.

Signed-off-by: Dan McGee <dan@archlinux.org>
---
 templates/feeds/news_description.html | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'templates/feeds')

diff --git a/templates/feeds/news_description.html b/templates/feeds/news_description.html
index 77830367..d3cacebc 100644
--- a/templates/feeds/news_description.html
+++ b/templates/feeds/news_description.html
@@ -1,3 +1,2 @@
-{% load markup %}
 <p>{{obj.author.get_full_name}} wrote:</p>
-{{ obj.content|markdown:'safe' }}
+{{ obj.content.html }}
-- 
cgit v1.2.3-2-g168b


From bcccd16606a89507e5d5083440a50c98c576d380 Mon Sep 17 00:00:00 2001
From: Dan McGee <dan@archlinux.org>
Date: Sat, 27 Oct 2012 13:53:24 -0500
Subject: Fix news feed content display

Signed-off-by: Dan McGee <dan@archlinux.org>
---
 templates/feeds/news_description.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'templates/feeds')

diff --git a/templates/feeds/news_description.html b/templates/feeds/news_description.html
index d3cacebc..61ceedf3 100644
--- a/templates/feeds/news_description.html
+++ b/templates/feeds/news_description.html
@@ -1,2 +1,2 @@
 <p>{{obj.author.get_full_name}} wrote:</p>
-{{ obj.content.html }}
+{{ obj.html }}
-- 
cgit v1.2.3-2-g168b