Re: django.contrib.markup deprecated in 1.5 - what's the alternative?

Thanks for the pointer Jirka - I hadn't managed to find that ticket.
Makes sense and, like you, I only have a few trusted users entering
text that will be filtered.

On 15 September 2012 19:37, Jirka Vejrazka <jirka.vejrazka@gmail.com> wrote:
> Hi Phil,
>
> incidentally, I was looking at this just recently. The
> contrib.markup was deprecated mainly due to security issues with 3rd
> party libraries that could not be fixed in Django itself and were
> compromising its security. For more, read
> https://code.djangoproject.com/ticket/18054
>
> Can't tell you what the replacement is. I rolled up my own markup
> filter, but I only have a handful of trusted users for my web app so I
> don't have to be too concerned with trusting their inputs.
>
> You can copy the markup filter from 1.4 - just be aware of the
> security consequences.
>
> HTH
>
> Jirka
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
>



--
http://www.gyford.com/

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.