Fix script injection using markdown

author rubenwardy <rw@rubenwardy.com>

Sat, 24 Mar 2018 19:19:04 +0000 (19:19 +0000)

committer rubenwardy <rw@rubenwardy.com>

Sat, 24 Mar 2018 19:19:04 +0000 (19:19 +0000)
author rubenwardy <rw@rubenwardy.com>
Sat, 24 Mar 2018 19:19:04 +0000 (19:19 +0000)
committer rubenwardy <rw@rubenwardy.com>
Sat, 24 Mar 2018 19:19:04 +0000 (19:19 +0000)
diff --git a/app/__init__.py b/app/__init__.py

index d9c2b384a14f6c8b9726f037f92b09742336348e..b5aa36c9a57fc0c13e9dffe2d8460e2ab743d6c4 100644 (file)
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -9,7 +9,7 @@ app = Flask(__name__)
  app.config.from_pyfile(os.environ["FLASK_CONFIG"])
  
  menu.Menu(app=app)
-markdown.Markdown(app, extensions=["fenced_code"])
+markdown.Markdown(app, extensions=["fenced_code"], safe_mode=True, output_format="html5")
  github = GitHub(app)
  
  from . import models
author	rubenwardy <rw@rubenwardy.com>
	Sat, 24 Mar 2018 19:19:04 +0000 (19:19 +0000)
committer	rubenwardy <rw@rubenwardy.com>
	Sat, 24 Mar 2018 19:19:04 +0000 (19:19 +0000)