Diffstat (limited to 'app/markdown.py')
-rw-r--r-- | app/markdown.py | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/app/markdown.py b/app/markdown.py
new file mode 100644
index 0000000..370d3bb
--- /dev/null
+++ b/app/markdown.py
@@ -0,0 +1,63 @@
+import bleach
+from markdown import Markdown
+from flask import Markup
+
+# Whitelist source: MIT
+#
+# https://github.com/Wenzil/mdx_bleach/blob/master/mdx_bleach/whitelist.py
+
+"""
+Default whitelist of allowed HTML tags. Any other HTML tags will be escaped or
+stripped from the text. This applies to the html output that Markdown produces.
+"""
+ALLOWED_TAGS = [
+ 'ul',
+ 'ol',
+ 'li',
+ 'p',
+ 'pre',
+ 'code',
+ 'blockquote',
+ 'h1',
+ 'h2',
+ 'h3',
+ 'h4',
+ 'h5',
+ 'h6',
+ 'hr',
+ 'br',
+ 'strong',
+ 'em',
+ 'a',
+ 'img'
+]
+
+"""
+Default whitelist of attributes. It allows the href and title attributes for <a>
+tags and the src, title and alt attributes for <img> tags. Any other attribute
+will be stripped from its tag.
+"""
+ALLOWED_ATTRIBUTES = {
+ 'a': ['href', 'title'],
+ 'img': ['src', 'title', 'alt']
+}
+
+"""
+If you allow tags that have attributes containing a URI value
+(like the href attribute of an anchor tag,) you may want to adapt
+the accepted protocols. The default list only allows http, https and mailto.
+"""
+ALLOWED_PROTOCOLS = ['http', 'https', 'mailto']
+
+
+md = Markdown(extensions=["fenced_code"], output_format="html5")
+
+def render_markdown(source):
+ return bleach.clean(md.convert(source), \
+ tags=ALLOWED_TAGS, attributes=ALLOWED_ATTRIBUTES, \
+ styles=[], protocols=ALLOWED_PROTOCOLS)
+
+def init_app(app):
+ @app.template_filter()
+ def markdown(source):
+ return Markup(render_markdown(source))
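Review bot: The module-level `md = Markdown(...)` instance is reused for every call to `render_markdown` and is never reset, so parser state such as link reference definitions from one document can carry over into the next, and concurrent requests on a threaded server would share that state. Python-Markdown expects `reset()` between documents, so either call `md.reset()` before `md.convert(source)` or construct the `Markdown` object inside `render_markdown`. Because the result is wrapped in `Markup` and emitted unescaped, `bleach.clean` is the only barrier here and the HTML it receives should depend on nothing but `source`. Separately, `styles=[]` is only accepted by older bleach releases (the keyword was dropped in 5.0 in favour of `css_sanitizer`), so if the dependency is not pinned below that, this call will raise a `TypeError`; no `style` attribute is whitelisted, so the argument can be removed.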