author | Richard Darst <rkd@zgib.net> | 2009-07-01 05:01:41 (GMT) |
---|---|---|
committer | Richard Darst <rkd@zgib.net> | 2009-07-01 05:01:41 (GMT) |
commit | 59defc5c7496f5deeea5a05bf640c0f3060800a1 (patch) | |
tree | e598516c09292532451d729322afd05ad60fb654 /writers.py | |
parent | 8b87980586c4dfa331452e35c8196e191af098df (diff) |
Security for rst->html
- disallow includes and raw html
- http://docutils.sourceforge.net/docs/howto/security.html
darcs-hash:20090701050141-82ea9-7c548a15dc4427c248871eb3eec43fa88c8a0f17.gz
Diffstat (limited to 'writers.py')
-rw-r--r-- | writers.py | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -312,5 +312,7 @@ class HTMLfromRST(object):
 def format(self, M):
 import docutils.core
 rst = RST().format(M)
- rstToHTML = docutils.core.publish_string(rst, writer_name='html')
+ rstToHTML = docutils.core.publish_string(rst, writer_name='html',
+ settings_overrides={'file_insertion_enabled': 0,
+ 'raw_enabled': 0})
 return rstToHTML |
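Review bot: The two settings passed in `settings_overrides` are only application defaults, so as far as I know a `docutils.conf` picked up from the working directory, the user's home or `/etc` can still switch `file_insertion_enabled` and `raw_enabled` back on. The docutils security howto linked in the commit message covers this case, and I would add `'_disable_config': 1` to the same dict so that config files are not read at all for this conversion. A short comment above the call, such as `# rst comes from untrusted input: no include/raw directives, no config files`, would keep a later edit from dropping the overrides. `format` is shown whole here; the rest of `HTMLfromRST` is outside the hunk, so I cannot tell whether other callers publish RST without these settings.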