[Zope3-Users] Disable raw directive in restructured text
Florian Lindner
mailinglists at xgm.de
Fri Mar 16 13:09:35 EDT 2007
Am Freitag, 16. März 2007 16:48 schrieb Martijn Pieters:
> On 3/15/07, Florian Lindner <mailinglists at xgm.de> wrote:
> > I've found out it could partly be achieved by using:
> >
> > def convertToHTML(self, comment):
> > """ Converts a comment from restructured text to HTML. """
> > text = unicode(comment.content)
> > settings_override = {}
> > settings_override["raw_enabled"] = False
> > settings_override["file_insertion_enabled"] = False
> > # settings_override["report_level"] = "quiet"
> > renderer = ReStructuredTextToHTMLRenderer(text, self.request)
> > return renderer.render(settings_override).strip()
> >
> > but now a raw directive generates an error message whereas it is
> > completely swallowed when uncommenting the report_level.
>
> Note that you should really read the following:
>
> http://docutils.sourceforge.net/docs/howto/security.html
>
> You'll have to disable the include and csv-table directives as well.
The file_insertion_enabled = False disables the include and csv-table
directives.
settings_override = {}
settings_override["raw_enabled"] = False
settings_override["file_insertion_enabled"] = False
I think it's safe this way.
But these settings still don't entirely satisfy me because if somebody
enters .. raw:: html a warning message is printed informing that raw is
disabled. If I set:
settings_override["report_level"] = "quiet"
The raw directive is is completely removed from output. What I want is that it
is treated just like any other text, appearing also in the output.
Is that possible?
Thanks,
Florian
More information about the Zope3-users
mailing list