Rich descriptions in MediaEntries

[Christopher Allan Webber]

Similar to http://bugs.foocorp.net/issues/362#note-2 we should have descriptions be in markdown, and then we should prerender them and display that prerendered niceness.

>>> entry['description'] = 'I am *soooo* hungry!'
>>> entry.render_body()
>>> entry['description_rendered']
u'<p>I am <em>soooo</em> hungry!</p>'
>>> entry.save()

[Christopher Allan Webber]

Don't forget to escape:

safe_mode="escape"

[http://www.freewisdom.org/projects/python-markdown/Using_as_a_Module](http://www.freewisdom.org/projects/python-markdown/Using_as_a_Module)

[Elrond]

As I noted on irc: I don't think, that storing the rendered html in the main table is a good idea. I would suggest some (persistent) cache. As markdown seems to have options: We don't want to regenerate all entries. It's much simpler to kill the cache and regenerate things as they're needed.

[joar]

Sent merge request, https://gitorious.org/mediagoblin/mediagoblin/merge_requests/11

[joar]

Regarding markdown:

12/16:42.36 < paroneayea> https://github.com/reddit/reddit/blob/master/r2/r2/lib/py_markdown.py
12/16:43.19 < paroneayea> text = img.sub('', text) #remove images
12/16:43.21 < paroneayea> haha
12/16:44.25 < paroneayea> man they do it twice in that function
12/16:44.32 < paroneayea> I wonder if that's intentional or an accident
12/16:45.33 < jwandborg> hah, that's a straight forward solution at least

...

12/16:48.34 < paroneayea> jwandborg: https://magicalhobo.wordpress.com/2011/05/05/disabling-images-in-python-markdown/
          this also looks like a solution
12/16:48.53 < paroneayea> but we'll want to make sure we can avoid the evil-javascript-attack issue that hit reddit a
                          while ago still
12/16:49.24 < jwandborg> The encoded javascript?
12/16:49.36 < jwandborg> jibberish characters that execute as javascript?
12/16:49.45 < paroneayea> yeah, I think it was: http://blog.reddit.com/2009/09/we-had-some-bugs-and-it-hurt-us.html
12/16:50.49 < jwandborg> http://code.reddit.com/changeset/1f1f0606f5b6bf14a0db55a28cfd03e1e42e3550

[Christopher Allan Webber]

So a few things before I think this is mergeable.

• I thought we could avoid implementing an html_cleaner function for now by going the markdown route but it seems I'm wrong: http://michelf.com/weblog/2010/markdown-and-xss/ http://stackoverflow.com/questions/5266134/best-practice-for-allowing-markdown-in-python-while-preventing-xss-attacks ... it seems like we need an html_cleaner method regardless and always need to run this output through it. I'll make a bug for that shortly.
• It would be good to move the in-function import of markdown to the top of the relevant module.
• This work is looking really good! I'd appreciate it if continued work on it until it becomes mergeable would happen in its own branch... per-feature branches make my life easier by a lot.

[Christopher Allan Webber]

See http://bugs.foocorp.net/issues/379 as we now have util.html_cleaner() :)

[joar]

Pushed updates to [https://gitorious.org/_{jwandborg/mediagoblin/jwandborgs-mediagoblin/commits/issue_363](https://gitorious.org/}jwandborg/mediagoblin/jwandborgs-mediagoblin/commits/issue_363)

[Christopher Allan Webber]

One more thing, and that's that I think we need to add migrations. But I can probably get to that myself if you don't have time.

[Christopher Allan Webber]

I added the migration and merged this. Run "./bin/gmg migrate" to get your existing mediaentries migrated.

Super excited to have this in... thanks SO MUCH Joar!

[Christopher Allan Webber]

This is strange. This bug doesn't seem to have any way of marking it as closed?!

[Christopher Allan Webber]

I see. It was previously blocked by http://bugs.foocorp.net/issues/379 but I removed the block. Closed now!

[Will Kahn-Greene]

The original url for this bug was ​http://bugs.foocorp.net/issues/363 .
Relations:
#337: related