Security for rst->html

- disallow includes and raw html - http://docutils.sourceforge.net/docs/howto/security.html darcs-hash:20090701050141-82ea9-7c548a15dc4427c248871eb3eec43fa88c8a0f17.gz
author: Richard Darst <rkd@zgib.net> 2009-07-01 05:01:41 (GMT)
committer: Richard Darst <rkd@zgib.net> 2009-07-01 05:01:41 (GMT)
commit: 59defc5c7496f5deeea5a05bf640c0f3060800a1 (patch)
tree: e598516c09292532451d729322afd05ad60fb654 /writers.py
parent: 8b87980586c4dfa331452e35c8196e191af098df (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/writers.py b/writers.py
index d237c07..57cf7b0 100644
--- a/writers.py
+++ b/writers.py
@@ -312,5 +312,7 @@ class HTMLfromRST(object):
     def format(self, M):
         import docutils.core
         rst = RST().format(M)
-        rstToHTML = docutils.core.publish_string(rst, writer_name='html')
+        rstToHTML = docutils.core.publish_string(rst, writer_name='html',
+                             settings_overrides={'file_insertion_enabled': 0,
+                                                 'raw_enabled': 0})
         return rstToHTML
author	Richard Darst <rkd@zgib.net>	2009-07-01 05:01:41 (GMT)
committer	Richard Darst <rkd@zgib.net>	2009-07-01 05:01:41 (GMT)
commit	59defc5c7496f5deeea5a05bf640c0f3060800a1 (patch)
tree	e598516c09292532451d729322afd05ad60fb654 /writers.py
parent	8b87980586c4dfa331452e35c8196e191af098df (diff)