[Zope3-Users] Disable raw directive in restructured text

[Martijn Pieters]

On 3/15/07, Florian Lindner <mailinglists at xgm.de> wrote:
> I've found out it could partly be achieved by using:
>
>     def convertToHTML(self, comment):
>         """ Converts a comment from restructured text to HTML. """
>         text = unicode(comment.content)
>         settings_override = {}
>         settings_override["raw_enabled"] = False
>         settings_override["file_insertion_enabled"] = False
>         # settings_override["report_level"] = "quiet"
>         renderer = ReStructuredTextToHTMLRenderer(text, self.request)
>         return renderer.render(settings_override).strip()
>
> but now a raw directive generates an error message whereas it is completely
> swallowed when uncommenting the report_level.

Note that you should really read the following:

  http://docutils.sourceforge.net/docs/howto/security.html

You'll have to disable the include and csv-table directives as well.

-- 
Martijn Pieters