Enable safe mode for markdown parsing

Although we don't allow unauthenticated users to post content, we should still cover our bases here and ensure people can't inject stuff into the production website via an inadvertent XSS. Signed-off-by: Dan McGee <dan@archlinux.org>
author: Dan McGee <dan@archlinux.org> 2012-10-26 16:49:58 -0500
committer: Dan McGee <dan@archlinux.org> 2012-10-26 16:50:00 -0500
commit: 0b97d52351fc2bdcae16f1a1e7c56afd4ed476ad (patch)
tree: cae2a43c21d99f236a235863ee98f76775fb78c9 /templates/public/index.html
parent: 520066075938d325f93f814f92bb6005d00833c8 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/templates/public/index.html b/templates/public/index.html
index 000a527b..762433a4 100644
--- a/templates/public/index.html
+++ b/templates/public/index.html
@@ -53,8 +53,8 @@
     </h4>
     <p class="timestamp">{{ news.postdate|date }}</p>
     <div class="article-content">
-        {% if forloop.counter0 == 0 %}{{ news.content|markdown|truncatewords_html:300 }}
-        {% else %}{{ news.content|markdown|truncatewords_html:100 }}{% endif %}
+        {% if forloop.counter0 == 0 %}{{ news.content|markdown:'safe'|truncatewords_html:300 }}
+        {% else %}{{ news.content|markdown:'safe'|truncatewords_html:100 }}{% endif %}
     </div>
     {% else %}
     {% if forloop.counter0 == 5 %}
author	Dan McGee <dan@archlinux.org>	2012-10-26 16:49:58 -0500
committer	Dan McGee <dan@archlinux.org>	2012-10-26 16:50:00 -0500
commit	0b97d52351fc2bdcae16f1a1e7c56afd4ed476ad (patch)
tree	cae2a43c21d99f236a235863ee98f76775fb78c9 /templates/public/index.html
parent	520066075938d325f93f814f92bb6005d00833c8 (diff)