Markdown in Django XSS safe

-上瘾入骨i 2021-01-15 02:30

I am using Markdown in an app to display a user biography. I want the user to be able to slightly format the biography, so I'm letting them use the TinyMCE editor.

2 Answers
  •  自闭症患者
    2021-01-15 02:57

    According to django.contrib.markup.templatetags.markup.markdown's docstrings:

    To enable safe mode, which strips raw HTML and only returns HTML generated by actual Markdown syntax, pass "safe" as the first extension in the list.

    This should work:

    {{ biography|markdown:"safe" }}
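
The "safe" mode in the answer above keeps only HTML generated from Markdown syntax; the same allowlist idea can also be applied to the rendered HTML before a template treats it as safe. The following is an added example, not code from the original thread or from Django: it uses only the Python standard library, and the tag list, URL schemes and the names `BioSanitizer`, `is_safe_url` and `sanitize_bio_html` are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for a short biography (not from the original post).
ALLOWED_TAGS = {"p", "br", "strong", "em", "ul", "ol", "li", "a", "code", "blockquote"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}  # remove the element body as well as the tags

def is_safe_url(url):
    # Browsers ignore tabs, newlines and control bytes in a scheme, so drop them first.
    cleaned = "".join(ch for ch in url if ch > " ").lower()
    scheme, sep, _ = cleaned.partition(":")
    if sep and not any(c in scheme for c in "/?#"):
        return scheme in ALLOWED_SCHEMES
    return True  # no scheme: relative URL

class BioSanitizer(HTMLParser):
    """Re-emit only allowlisted tags; all text is re-escaped, all other markup dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif not self.skip_depth and tag in ALLOWED_TAGS:
            attr = ""
            href = dict(attrs).get("href") or ""
            if tag == "a" and href and is_safe_url(href):
                attr = ' href="%s" rel="nofollow noopener"' % escape(href, quote=True)
            self.out.append("<%s%s>" % (tag, attr))  # every other attribute is discarded

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

def sanitize_bio_html(rendered_html):
    """Sanitize HTML produced by the Markdown renderer before marking it safe."""
    parser = BioSanitizer()
    parser.feed(rendered_html)
    parser.close()
    return "".join(parser.out)

# Constructed sample: raw HTML smuggled into a Markdown biography.
SAMPLE = '<p>Hi <strong>there</strong><script>alert(1)</script></p>'
```

In a Django project the result would be wrapped in `mark_safe()` inside a custom template filter, and a maintained sanitizer library is the usual production choice over a hand-written one. `django.contrib.markup` was removed in Django 1.6 and Python-Markdown dropped `safe_mode` in 3.0, so on current versions sanitising the rendered output is the route that remains.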
    
