Opened 14 years ago
Last modified 14 years ago
#78 closed defect (FIXED)
Rich descriptions in MediaEntries
Reported by: | Christopher Allan Webber | Owned by: | joar |
---|---|---|---|
Priority: | minor | Milestone: | 0.0.3 |
Component: | programming | Keywords: | |
Cc: | Parent Tickets: |
Description
Similar to `http://bugs.foocorp.net/issues/362#note-2 <http://bugs.foocorp.net/issues/362#note-2>`_ we should have descriptions be in markdown, and then we should prerender them and display that prerendered niceness. :: >>> entry['description'] = 'I am *soooo* hungry!' >>> entry.render_body() >>> entry['description_rendered'] u'<p>I am <em>soooo</em> hungry!</p>' >>> entry.save()
Change History (12)
comment:2 by , 14 years ago
As I noted on irc: I don't think, that storing the rendered html in the main table is a good idea. I would suggest some (persistent) cache. As markdown seems to have options: We don't want to regenerate all entries. It's much simpler to kill the cache and regenerate things as they're needed.
comment:3 by , 14 years ago
Sent merge request, `https://gitorious.org/mediagoblin/mediagoblin/merge\_requests/11 <https://gitorious.org/mediagoblin/mediagoblin/merge_requests/11>`_
comment:4 by , 14 years ago
Regarding markdown: :: 12/16:42.36 < paroneayea> https://github.com/reddit/reddit/blob/master/r2/r2/lib/py_markdown.py 12/16:43.19 < paroneayea> text = img.sub('', text) #remove images 12/16:43.21 < paroneayea> haha 12/16:44.25 < paroneayea> man they do it twice in that function 12/16:44.32 < paroneayea> I wonder if that's intentional or an accident 12/16:45.33 < jwandborg> hah, that's a straight forward solution at least ... 12/16:48.34 < paroneayea> jwandborg: https://magicalhobo.wordpress.com/2011/05/05/disabling-images-in-python-markdown/ this also looks like a solution 12/16:48.53 < paroneayea> but we'll want to make sure we can avoid the evil-javascript-attack issue that hit reddit a while ago still 12/16:49.24 < jwandborg> The encoded javascript? 12/16:49.36 < jwandborg> jibberish characters that execute as javascript? 12/16:49.45 < paroneayea> yeah, I think it was: http://blog.reddit.com/2009/09/we-had-some-bugs-and-it-hurt-us.html 12/16:50.49 < jwandborg> http://code.reddit.com/changeset/1f1f0606f5b6bf14a0db55a28cfd03e1e42e3550
comment:5 by , 14 years ago
So a few things before I think this is mergeable. - I thought we could avoid implementing an html\_cleaner function for now by going the markdown route but it seems I'm wrong: `http://michelf.com/weblog/2010/markdown-and-xss/ <http://michelf.com/weblog/2010/markdown-and-xss/>`_ `http://stackoverflow.com/questions/5266134/best-practice-for-allowing-markdown-in-python-while-preventing-xss-attacks <http://stackoverflow.com/questions/5266134/best-practice-for-allowing-markdown-in-python-while-preventing-xss-attacks>`_ ... it seems like we need an html\_cleaner method regardless and always need to run this output through it. I'll make a bug for that shortly. - It would be good to move the in-function import of markdown to the top of the relevant module. - This work is looking really good! I'd appreciate it if continued work on it until it becomes mergeable would happen in its own branch... per-feature branches make my life easier by a lot.
comment:6 by , 14 years ago
See `http://bugs.foocorp.net/issues/379 <http://bugs.foocorp.net/issues/379>`_ as we now have util.html\_cleaner() :)
comment:7 by , 14 years ago
Pushed updates to [https://gitorious.org/\ :sub:`jwandborg/mediagoblin/jwandborgs-mediagoblin/commits/issue\_363](https://gitorious.org/`\ jwandborg/mediagoblin/jwandborgs-mediagoblin/commits/issue\_363)
comment:8 by , 14 years ago
One more thing, and that's that I think we need to add migrations. But I can probably get to that myself if you don't have time.
comment:9 by , 14 years ago
Status: | New → Resolved |
---|
I added the migration and merged this. Run "./bin/gmg migrate" to get your existing mediaentries migrated. Super excited to have this in... thanks SO MUCH Joar!
comment:10 by , 14 years ago
This is strange. This bug doesn't seem to have any way of marking it as closed?!
comment:11 by , 14 years ago
Status: | Resolved → Closed |
---|
I see. It was previously blocked by `http://bugs.foocorp.net/issues/379 <http://bugs.foocorp.net/issues/379>`_ but I removed the block. Closed now!
comment:12 by , 13 years ago
The original url for this bug was http://bugs.foocorp.net/issues/363 .
Relations:
#337: related
Note:
See TracTickets
for help on using tickets.