Customization¶
Settings¶
INSTALLED_APPS = (
# [...]
'markdownx',
)
You may place and alter any of the variables below in your settings.py to override the default behaviours.
Customization¶
All customizations concerning the back-end behaviour of MarkdownX may be applied from the settings.py file.
Markdownify¶
Dotted path to the function that compiles Markdown using the configured extensions. Supplying your own function lets you pre-process the Markdown text or post-process the resulting HTML (for example, to sanitize it). See below for more information.
MARKDOWNX_MARKDOWNIFY_FUNCTION = 'markdownx.utils.markdownify'
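A custom markdownify function is the natural place to sanitize the HTML that the markdownify endpoint returns for the live preview and that you store or render later: Python-Markdown passes raw HTML found in the source through unchanged, so a script element typed into the editor reaches the browser as-is. The following is an added example, not code from MarkdownX; it assumes a module myapp/markdown.py referenced as MARKDOWNX_MARKDOWNIFY_FUNCTION = 'myapp.markdown.markdownify' and uses only the standard library. The allow-list is deliberately small; extend ALLOWED_TAGS and ALLOWED_ATTRS to suit the site.

```python
# Added example: a MARKDOWNX_MARKDOWNIFY_FUNCTION replacement that post-processes
# the compiled HTML through an allow-list sanitizer. Not MarkdownX's own code; the
# module path myapp.markdown and the allow-lists below are assumptions.
from html import escape
from html.parser import HTMLParser

# Tags and attributes that survive sanitization; everything else is dropped.
ALLOWED_TAGS = {
    "p", "br", "hr", "em", "strong", "code", "pre", "blockquote",
    "ul", "ol", "li", "h1", "h2", "h3", "h4", "h5", "h6", "a", "img",
}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
VOID_TAGS = {"br", "hr", "img"}
# URL prefixes accepted in href/src; javascript:, data:, vbscript: etc. are refused.
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:", "/", "#")


def _safe_url(value):
    return value.strip().lower().startswith(SAFE_URL_PREFIXES)


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script>/<style>: drop their bodies too

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag: dropped, its text content is kept by handle_data
        kept = []
        for name, value in attrs:
            if name in ALLOWED_ATTRS.get(tag, ()) and value is not None:
                if name in ("href", "src") and not _safe_url(value):
                    continue  # e.g. href="javascript:..." is removed
                kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            if self.skip_depth:
                self.skip_depth -= 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # re-escape text nodes


def sanitize_html(html):
    """Reduce html to the allow-list above. Unknown tags and attributes are
    dropped, script/style bodies are removed, text is re-escaped."""
    parser = _Sanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


def markdownify(text):
    """Drop-in replacement for markdownx.utils.markdownify: compile with the
    default function, then sanitize before the HTML is sent to the browser."""
    from markdownx.utils import markdownify as default_markdownify  # needs markdownx installed
    return sanitize_html(default_markdownify(text))
```

A maintained sanitizer such as bleach or nh3 is the better choice in production; the point here is where the hook sits. Sanitizing inside the markdownify function covers both the AJAX preview endpoint and any server-side rendering that calls the same function, so a payload that slips past the editor is neutralised in one place.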
Markdown Extensions¶
List of Markdown extensions that you would like to use. See below for additional information.
MARKDOWNX_MARKDOWN_EXTENSIONS = []
Configuration dictionary for the Markdown extensions in use, keyed by extension name.
MARKDOWNX_MARKDOWN_EXTENSION_CONFIGS = {}
Markdown URLs¶
URL of the endpoint that compiles the Markdown text and returns HTML.
MARKDOWNX_URLS_PATH = '/markdownx/markdownify/'
URL that accepts file uploads (images) and returns markdown formatted text for the image.
MARKDOWNX_UPLOAD_URLS_PATH = '/markdownx/upload/'
Media Path¶
Path under MEDIA_ROOT where uploaded images will be stored.
MARKDOWNX_MEDIA_PATH = 'markdownx/'
Image¶
Maximum image size allowed in bytes: Default is 50MB, which is equal to 52,428,800 bytes.
Tip
It is considered good practice to write large numbers in a meaningful way. For instance, 52,428,800 bytes is
better written in code as 50 * 1024 * 1024 # 50 MB in bytes.
MARKDOWNX_UPLOAD_MAX_SIZE = 50 * 1024 * 1024
Acceptable file content types (image formats):
MARKDOWNX_UPLOAD_CONTENT_TYPES = ['image/jpeg', 'image/png', 'image/svg+xml']
Options controlling the final image processing, e.g. maximum dimensions and compression quality.
Note
Quality restrictions do not apply to image/svg+xml formatted graphics.
MARKDOWNX_IMAGE_MAX_SIZE = {'size': (500, 500), 'quality': 90,}
Security¶
SVG graphics are XML documents, so an SVG file can carry executable content: script elements, event-handler attributes such as onload, and javascript: URLs. An uploaded SVG that is later rendered in a user's browser, for instance when a visitor opens the file's URL directly or it is embedded inline or through an object element, can therefore run attacker-controlled JavaScript in that user's session; an SVG may also reference external resources, which reveals the viewer's IP address and other details to the uploader. Browsers do not execute scripts in an SVG loaded through an img element, but the file itself remains dangerous as long as it is served from the application's own origin.
Note
This type of attack is known as XSS (Cross-site Scripting). See this presentation by Mario Heiderich to learn more about SVG XSS attacks. There are a number of ways to deal with this vulnerability.
Django provides good defaults here: template auto-escaping protects against XSS in HTML rendered from templates (see the Django documentation for details), and the CSRF protection middleware stops the markdownify and upload endpoints from being driven by forged requests from another site. Neither control inspects the contents of an uploaded file, and when it comes to AJAX requests, CSRF protection is sometimes disabled for various reasons.
Important
MarkdownX does not disable CSRF protection by default.
As a last line of defence, MarkdownX includes an optional check for JavaScript tags in uploaded SVG files, so that the obvious payload is still blocked when everything else is disabled. This protection is enabled by default and may be disabled by setting the value to False. It is a content check on the uploaded file rather than a full SVG sanitizer, so do not rely on it alone: if SVG uploads are not needed, remove image/svg+xml from MARKDOWNX_UPLOAD_CONTENT_TYPES; if they are, serve uploaded files from a separate origin or with Content-Disposition: attachment and a restrictive Content-Security-Policy.
MARKDOWNX_SVG_JAVASCRIPT_PROTECTION = True
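Where SVG uploads must be accepted, a stricter check than a search for script tags is worth running on the uploaded bytes before the file is stored, for example from a custom upload view or a form's clean method. The following is an added example built on the standard library; it is not MarkdownX's own implementation of MARKDOWNX_SVG_JAVASCRIPT_PROTECTION, and the element and attribute lists are assumptions that reflect the common SVG script, event-handler, javascript: URL and external-reference vectors discussed above. The constructed sample files at the bottom are illustrations, not real uploads.

```python
# Added example: reject SVG uploads that can execute code or fetch remote resources.
# Not MarkdownX's own code; FORBIDDEN_ELEMENTS and the URL rules are assumptions.
import re
import xml.etree.ElementTree as ET

# Elements that execute code, embed foreign documents, or rewrite attributes at runtime.
FORBIDDEN_ELEMENTS = {"script", "handler", "foreignobject", "iframe",
                      "embed", "object", "animate", "set", "style"}
DANGEROUS_SCHEME = re.compile(r"^\s*(javascript|data|vbscript)\s*:", re.IGNORECASE)


def _local(name):
    # '{http://www.w3.org/2000/svg}script' -> 'script'
    return name.rsplit("}", 1)[-1].lower()


def find_svg_hazards(data):
    """Return the reasons `data` (bytes of an uploaded SVG) should be rejected.
    An empty list means no hazard was found."""
    prologue = data[:8192].upper()
    # Entity declarations enable XXE and entity-expansion attacks on the parser;
    # refuse them before parsing at all (use defusedxml in production for extra safety).
    if b"<!DOCTYPE" in prologue or b"<!ENTITY" in prologue:
        return ["DOCTYPE/ENTITY declaration present"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]

    problems = []
    if _local(root.tag) != "svg":
        problems.append("root element is <%s>, not <svg>" % _local(root.tag))
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in FORBIDDEN_ELEMENTS:
            problems.append("forbidden element <%s>" % tag)
        for attr, value in elem.attrib.items():
            name = _local(attr)  # also maps xlink:href to 'href'
            if name.startswith("on"):
                problems.append("event handler attribute %s on <%s>" % (name, tag))
            elif name in ("href", "src", "data"):
                if DANGEROUS_SCHEME.match(value):
                    problems.append("%s uses %s: scheme on <%s>"
                                    % (name, value.split(":")[0].strip().lower(), tag))
                elif not value.strip().startswith("#"):
                    # Anything but a same-document fragment makes the viewer's browser
                    # fetch a URL of the uploader's choosing, leaking IP address and more.
                    problems.append("external reference %s=%r on <%s>" % (name, value, tag))
            elif name == "style" and "url(" in value.lower():
                problems.append("style attribute with url() on <%s>" % tag)
    return problems


# Constructed sample uploads for demonstration (not real files).
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
             b'<defs><circle id="c" r="4"/></defs><use href="#c"/></svg>')
SCRIPT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
ONLOAD_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie)"/>'
XLINK_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
             b'<a xlink:href="javascript:alert(1)"><text>click</text></a></svg>')
BEACON_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
              b'<image href="https://example.invalid/track.png"/></svg>')
XXE_SVG = (b'<!DOCTYPE svg [<!ENTITY x SYSTEM "file:///etc/passwd">]>'
           b'<svg xmlns="http://www.w3.org/2000/svg">&x;</svg>')

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN_SVG), ("script", SCRIPT_SVG), ("onload", ONLOAD_SVG),
                          ("xlink", XLINK_SVG), ("beacon", BEACON_SVG), ("xxe", XXE_SVG)]:
        print(label, "->", find_svg_hazards(sample) or "ok")
```

The check is an allow-nothing-suspicious filter rather than a sanitizer: it rejects the file instead of trying to repair it, which is the right trade-off for user uploads, since a repaired SVG that renders differently from what the uploader saw is rarely what either side wants.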
Editor¶
Let the editor grow to match the height of its contents while typing:
MARKDOWNX_EDITOR_RESIZABLE = True