diff --git a/src/news/templates/news_detail.html b/src/news/templates/news_detail.html
index 3f800508..676eb89b 100644
--- a/src/news/templates/news_detail.html
+++ b/src/news/templates/news_detail.html
@@ -14,5 +14,5 @@
{% endif %}
{{ news_item.title }} {{ news_item.published_at|date:"Y-m-d" }}
- {{ news_item.content|trustedcommonmark }}
+ {{ news_item.content|trustedcommonmark|urlize }}
{% endblock %}
diff --git a/src/news/templates/news_index.html b/src/news/templates/news_index.html
index 2a7db69b..6e76ceb7 100644
--- a/src/news/templates/news_index.html
+++ b/src/news/templates/news_index.html
@@ -13,7 +13,7 @@ News | {{ block.super }}
- {{ item.content|trustedcommonmark }}
+ {{ item.content|trustedcommonmark|urlize }}
{% if not forloop.last %}
{% endif %}
diff --git a/src/utils/templatetags/commonmark.py b/src/utils/templatetags/commonmark.py
index 8bded1a0..3de4f9ad 100644
--- a/src/utils/templatetags/commonmark.py
+++ b/src/utils/templatetags/commonmark.py
@@ -1,4 +1,5 @@
import commonmark, bleach
+from html5lib.tokenizer import HTMLTokenizer
from django import template
from django.utils.safestring import mark_safe
@@ -7,21 +8,22 @@ from django.template.defaultfilters import stringfilter
register = template.Library()
-@register.filter
+@register.filter(is_safe=True)
@stringfilter
def trustedcommonmark(value):
"""Returns HTML given some commonmark Markdown. Also allows real HTML, so do not use this with untrusted input."""
parser = commonmark.Parser()
renderer = commonmark.HtmlRenderer()
ast = parser.parse(value)
- return mark_safe(renderer.render(ast))
+ return bleach.linkify(renderer.render(ast), skip_pre=True, parse_email=True, tokenizer=HTMLTokenizer)
-@register.filter
+
+@register.filter(is_safe=True)
@stringfilter
def untrustedcommonmark(value):
"""Returns HTML given some commonmark Markdown. Cleans actual HTML from input using bleach, suitable for use with untrusted input."""
parser = commonmark.Parser()
renderer = commonmark.HtmlRenderer()
ast = parser.parse(bleach.clean(value))
- return mark_safe(renderer.render(ast))
+ return bleach.linkify(renderer.render(ast), skip_pre=True, parse_email=True, tokenizer=HTMLTokenizer)