This stops the editor receiving a TAB event if using CTRL-TAB to cycle browser tabs. Otherwise the tab works as it should.

Related to #66.

~~One problem though, not entirely sure how to deal with it. While the tab does get ignored when doing CTRL+TAB, for some reason the cursor jumps to the end of the text area. I'm not sure what to do about that.~~

Hi there

I'm new here, and I'm having an issue rendering markdownx to HTML. I use this tag :

{{ post.content|safe }}

But it's not working. And I cannot find in the docs (Maybe I missed it?)

Thank you!

It can be useful to insert more that just a markdown image tag, for example to provide additional control on the layout of images. Since there's no convenient way to handle this on the JavaScript side, we generate the code to insert in Python. Then it can be overridden with the existing extensibility mechanism, that is, with a custom view.

This allow to use CSRF_USE_SESSIONS = True which store crsf token in session instead of cookies. It checks if csrf token found in cookies otherwise try to get csrf token in session.

I have a problem to develop using this package.

class MyModelForm(forms.ModelForm):
  class Meta:
    model = MyModel
    field_classes = {'content': MarkdownxFormField,}
    widgets = {'content': MarkdowxWidget(attrs={'class':'form-control'})}

So I override your function 'render' and merge attrs and self.attrs and it works. Also, I think it will handle this problem.

class MarkdownxWidgetImproved(MarkdownxWidget):
  def render(self, name, value, attrs=None):
    allAttrs = {**attrs, **self.attrs}
    return super(MarkdownxWidgetImproved, self).render(name, value, allAttrs)

I request pull, but canceled because I expect that that code doesn't work when attrs is None.

Hi.

I have successfully configured markdown field and it works fine in the admin:

I also use it in my custom form on frontend, but unfortunately, the preview does not work. I can see the requests in the "Network" tab in the Google Chrome Developer Tools and I see the response is correctly returned:

I debugged markdown.js file at line 477:

xhr.success = function (response) {
    console.log('success');
    console.log(response);
    properties.preview.innerHTML = response;
    properties.editor = updateHeight(properties.editor);
    utils_1.triggerCustomEvent('markdownx.update', properties.parent, [response]);
};

and the result is, that "response" variable is always null:

Any idea what can cause the issue?

pip:

Django==2.0.2
django-markdownx==2.0.22

Description

A security problem exists when markdownx.js dynamically interprets the content of the form without first checking the content. The application is vulnerable to XSS attack.

Versions

• django 1.11.13 and 2.2.5,
• python 2.7.16 and 3.7.4.
• django-markdownx 2.0.28.

Preview

Hello,

I would expect line breaks to be parsed in code blocks.

For example, the markdown

```javascript var x = 1; var y = 2; ``` should render, much like it does on Github, as

var x = 1;
var y = 2;

Instead, markdownx renders it as

var x = 1; var y = 2;

Is that intentional or am I missing something?

Thank you for building markdownx! -- Niko

• Rectified the error causing image size alteration for non-svg images being ignored.
• Additionally, broke down pieces of code into task-specific functions inline with functional/OOP programming best practices, but also to make them easier to read and debug.
• image/xml+svg is now included in the default settings.
• Also tested on Python 3.6 - works perfectly fine.

Reminder: This would require a minor version change + pipy update as the error I found was preventing the application from performing one of the preceding features.

Hello, can you help me ? :smile: I don`t know how to show my markdown data on template. I have something like

<h1>{{ post.title }}</h1>
<p>{{ post.text }}</p>
<p>{{ post.markdown }}</p>

and i see only

title
text
#text1 ![](/media/markdownx/ab3bfac7-7509-411a-96c8-11aebc20b873.jpg)

but i want compiled version (with image) Could you explain how templates with markdownx work ? Or create some exaple with that ? :smile:

When working on https://github.com/neutronX/django-markdownx/issues/143 i noticed the view opacity is not reset after uploading an invalid image. Proposal: remove return null on this line, so the properties.editor.style.opacity = NORMAL_OPACITY; is called correctly. https://github.com/neutronX/django-markdownx/blob/master/markdownx/static/markdownx/js/markdownx.js#L457

What is the reason to return null here?

Bumps actions/checkout from 2.3.2 to 3.2.0.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Instead of importing the markdownify function every time the view's POST method is called, instead import it at global scope.

Example:

markdownify_func = import_string(MARKDOWNX_MARKDOWNIFY_FUNCTION)

class MarkdownifyView(View):
    """
    Conversion of Markdown to HTML.
    """

    def post(self, request, *args, **kwargs):
        """
        Handling of the conversion from Markdown to HTML using the conversion
        function in settings under ``MARKDOWNX_MARKDOWNIFY_FUNCTION``.

        :param request: HTTP request.
        :param args: Default Django POST arguments.
        :param kwargs: Default Django POST keyword arguments.
        :return: HTTP response
        :rtype: django.http.HttpResponse
        """
        # Function used to be imported every POST request. 
        return HttpResponse(markdownify_func(request.POST['content']))

Bumps actions/setup-python from 2 to 4.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

        var cookies = document.cookie
            .split(';')
            .filter(function (cookie) { return cookie.indexOf(name + "=") === 0; })[0];

code works when cookie is csrftoken=xyz; abc=def but fails on abc=def; csrftoken=xyz

The last release on PyPI can't work with Django 4.0 because of the API shift in Django.

The current code does work, and we're putting it in production.

It's mildly inconvenient to have to pin our requirements to a Git commit ID, though. Would it be possible to get a PyPI-uploaded version for Django 4.0?