# |md
The |md filter converts the value from Markdown to HTML format.
```twig
{{ '**Text** is bold.'|md }}
```
The above will output the following:
```html
<strong>Text</strong> is bold.
```
See the Markdown Parser article for more details on using Markdown.
# |md_safe
The |md_safe filter parses Markdown with safe mode enabled, which completely escapes all HTML except for the basic HTML generated by Markdown syntax. In short, HTML markup is escaped, and there is a defence against the places where Markdown syntax itself offers scripting capabilities. Only specific "safe" protocols can be used, for example, https://, ftps://, mailto:, etc.
The following JavaScript will not execute:
```twig
{{ '<a href="javascript:alert(1)">click me</a>'|md_safe }}
```
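A simplified Python model of what safe mode does, added here as an example and not October CMS's parser code: raw HTML is escaped, and a link written in Markdown syntax keeps its href only when the scheme is on an allowlist. The function names, the handling of relative URLs and the three-entry allowlist (taken from the schemes named above) are assumptions.

```python
import html
import re

# Schemes named on the page; the page's list ends in "etc.", so this set is an assumption.
SAFE_SCHEMES = {"https", "ftps", "mailto"}
# Inline link [text](url); the URL may contain one level of balanced parentheses.
LINK = re.compile(r"\[([^\]]*)\]\(((?:[^()\s]|\([^()\s]*\))*)\)")
SCHEME = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")


def url_is_safe(url: str) -> bool:
    """Accept scheme-less (relative) URLs and URLs with an allowlisted scheme."""
    # Browsers strip leading spaces/control characters and ignore tabs and newlines
    # inside a URL; removing all of \x00-\x20 before the check is deliberately stricter.
    cleaned = re.sub(r"[\x00-\x20]+", "", url)
    match = SCHEME.match(cleaned)
    if match is None:
        return True
    return match.group(1).lower() in SAFE_SCHEMES


def render_inline(text: str) -> str:
    """Escape every HTML metacharacter, then apply **bold**."""
    escaped = html.escape(text, quote=True)
    return re.sub(r"\*\*(.+?)\*\*", r"<strong>\1</strong>", escaped)


def render_safe(markdown: str) -> str:
    """Render bold and inline links; raw HTML is shown as text, never as markup."""
    out, pos = [], 0
    for m in LINK.finditer(markdown):
        out.append(render_inline(markdown[pos:m.start()]))
        label, url = render_inline(m.group(1)), m.group(2)
        if url_is_safe(url):
            out.append(f'<a href="{html.escape(url, quote=True)}">{label}</a>')
        else:
            out.append(label)  # disallowed scheme: keep the text, drop the link
        pos = m.end()
    out.append(render_inline(markdown[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs: the page's raw-HTML case plus Markdown-syntax links.
    for sample in ('<a href="javascript:alert(1)">click me</a>',
                   "[click me](javascript:alert(1))",
                   "**Text** is [bold](https://example.com/?a=1&b=2)."):
        print(render_safe(sample))
```

The scheme comparison is case-insensitive and runs after whitespace removal, because mixed-case or tab-split scheme names are the usual way a naive string match on `javascript:` is bypassed.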
# |md_clean
The |md_clean filter parses Markdown with more HTML support than |md_safe because it uses a sanitizer to remove any potentially dangerous code.
```twig
{{ '<script>alert(1)</script>'|md_clean }}
```