Opened 13 years ago

Last modified 13 years ago

#78 closed defect (FIXED)

Rich descriptions in MediaEntries

:Reported by: Christopher Allan Webber
:Owned by: joar
:Priority: minor
:Milestone: 0.0.3
:Component: programming
:Keywords:
:Cc:
:Parent Tickets:

Description

Similar to
`http://bugs.foocorp.net/issues/362#note-2 <http://bugs.foocorp.net/issues/362#note-2>`_
we should have descriptions be in markdown, and then we should
prerender them and display that prerendered niceness.

::

    >>> entry['description'] = 'I am *soooo* hungry!'
    >>> entry.render_body()
    >>> entry['description_rendered']
    u'<p>I am <em>soooo</em> hungry!</p>'
    >>> entry.save()



Change History (12)

comment:1 by Christopher Allan Webber, 13 years ago

Don't forget to escape:

``safe_mode="escape"``

`http://www.freewisdom.org/projects/python-markdown/Using_as_a_Module <http://www.freewisdom.org/projects/python-markdown/Using_as_a_Module>`_



comment:2 by Elrond, 13 years ago

As I noted on irc:
I don't think that storing the rendered html in the main table is
a good idea. I would suggest some (persistent) cache.
As markdown seems to have options: We don't want to regenerate all
entries. It's much simpler to kill the cache and regenerate things
as they're needed.



comment:3 by joar, 13 years ago

Sent merge request,
`https://gitorious.org/mediagoblin/mediagoblin/merge\_requests/11 <https://gitorious.org/mediagoblin/mediagoblin/merge_requests/11>`_



comment:4 by joar, 13 years ago

Regarding markdown:

::

    12/16:42.36 < paroneayea> https://github.com/reddit/reddit/blob/master/r2/r2/lib/py_markdown.py
    12/16:43.19 < paroneayea> text = img.sub('', text) #remove images
    12/16:43.21 < paroneayea> haha
    12/16:44.25 < paroneayea> man they do it twice in that function
    12/16:44.32 < paroneayea> I wonder if that's intentional or an accident
    12/16:45.33 < jwandborg> hah, that's a straight forward solution at least
    
    ...
    
    12/16:48.34 < paroneayea> jwandborg: https://magicalhobo.wordpress.com/2011/05/05/disabling-images-in-python-markdown/
              this also looks like a solution
    12/16:48.53 < paroneayea> but we'll want to make sure we can avoid the evil-javascript-attack issue that hit reddit a
                              while ago still
    12/16:49.24 < jwandborg> The encoded javascript?
    12/16:49.36 < jwandborg> jibberish characters that execute as javascript?
    12/16:49.45 < paroneayea> yeah, I think it was: http://blog.reddit.com/2009/09/we-had-some-bugs-and-it-hurt-us.html
    12/16:50.49 < jwandborg> http://code.reddit.com/changeset/1f1f0606f5b6bf14a0db55a28cfd03e1e42e3550



comment:5 by Christopher Allan Webber, 13 years ago

So a few things before I think this is mergeable.


-  I thought we could avoid implementing an html\_cleaner function
   for now by going the markdown route but it seems I'm wrong:
   `http://michelf.com/weblog/2010/markdown-and-xss/ <http://michelf.com/weblog/2010/markdown-and-xss/>`_
   `http://stackoverflow.com/questions/5266134/best-practice-for-allowing-markdown-in-python-while-preventing-xss-attacks <http://stackoverflow.com/questions/5266134/best-practice-for-allowing-markdown-in-python-while-preventing-xss-attacks>`_
   ... it seems like we need an html\_cleaner method regardless and
   always need to run this output through it. I'll make a bug for that
   shortly.
-  It would be good to move the in-function import of markdown to
   the top of the relevant module.
-  This work is looking really good! I'd appreciate it if continued
   work on it until it becomes mergeable would happen in its own
   branch... per-feature branches make my life easier by a lot.
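
The point raised in comment 5, that rendered markdown still has to go through an HTML cleaner before display, illustrated with an added example that is not part of the ticket or of MediaGoblin's code. It is a standard-library allowlist cleaner; ``clean_html``, ``safe_url``, the allowlists and the sample input are assumptions made for this illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Hypothetical allowlists for this example, not MediaGoblin's settings.
ALLOWED_TAGS = {"p", "em", "strong", "a", "ul", "ol", "li", "blockquote", "code", "pre", "br"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
ALLOWED_SCHEMES = {"http", "https", "mailto"}

def safe_url(url):
    # Browsers ignore whitespace and control characters inside a scheme name.
    compact = "".join(ch for ch in url if ch > " ")
    head = re.split(r"[/?#]", compact, maxsplit=1)[0]
    if ":" not in head:
        return True  # relative reference, no scheme
    return head.split(":", 1)[0].lower() in ALLOWED_SCHEMES

class _Cleaner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside <script>/<style>
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            return  # unknown tags are dropped, their text content is kept
        kept = [(n, v) for n, v in attrs if v is not None
                and n in ALLOWED_ATTRS.get(tag, ()) and (n != "href" or safe_url(v))]
        attrs_html = "".join(' %s="%s"' % (n, escape(v, quote=True)) for n, v in kept)
        self.out.append("<%s%s>" % (tag, attrs_html))
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # re-escape decoded entities

def clean_html(rendered):
    parser = _Cleaner()
    parser.feed(rendered)
    parser.close()
    return "".join(parser.out)

# Constructed sample of renderer output, not taken from the ticket.
SAMPLE = ('<p>I am <em>soooo</em> hungry! <a href="javascript:alert(1)">menu</a> '
          '<a href="http://example.org/" onclick="x()">site</a><script>x()</script></p>')
```

Because the parser decodes character references before ``safe_url`` sees the attribute value, an entity-encoded scheme is judged by its decoded form.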



comment:6 by Christopher Allan Webber, 13 years ago

See
`http://bugs.foocorp.net/issues/379 <http://bugs.foocorp.net/issues/379>`_
as we now have util.html\_cleaner() :)



comment:7 by joar, 13 years ago

Pushed updates to
`https://gitorious.org/~jwandborg/mediagoblin/jwandborgs-mediagoblin/commits/issue_363 <https://gitorious.org/~jwandborg/mediagoblin/jwandborgs-mediagoblin/commits/issue_363>`_



comment:8 by Christopher Allan Webber, 13 years ago

One more thing, and that's that I think we need to add migrations.
But I can probably get to that myself if you don't have time.



comment:9 by Christopher Allan Webber, 13 years ago

Status: New → Resolved

I added the migration and merged this. Run "./bin/gmg migrate" to
get your existing mediaentries migrated.

Super excited to have this in... thanks SO MUCH Joar!



comment:10 by Christopher Allan Webber, 13 years ago

This is strange. This bug doesn't seem to have any way of marking
it as closed?!



comment:11 by Christopher Allan Webber, 13 years ago

Status: Resolved → Closed

I see. It was previously blocked by
`http://bugs.foocorp.net/issues/379 <http://bugs.foocorp.net/issues/379>`_
but I removed the block. Closed now!



comment:12 by Will Kahn-Greene, 13 years ago

The original url for this bug was http://bugs.foocorp.net/issues/363 .
Relations:
#337: related
