Index: marksmarty.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/marksmarty/marksmarty.module,v
retrieving revision 1.21
diff -u -p -r1.21 marksmarty.module
--- marksmarty.module 22 Jan 2008 22:25:27 -0000 1.21
+++ marksmarty.module 11 Feb 2008 22:41:17 -0000
@@ -114,9 +114,21 @@ function marksmarty_help($path = 'admin/
 function _marksmarty_process($text, $format) {
 require_once(dirname(__FILE__) .'/markdown.php');
 require_once(dirname(__FILE__) .'/smartypants.php');
+
 if (variable_get("marksmarty_is_markdown_on_$format", 1) == 1) {
- $text = Markdown($text);
+ if (variable_get("marksmarty_markdown_no_markup_$format", 0) == 1) {
+ // use special markdown parser to escape unwanted html tags
+ require_once(dirname(__FILE__).'/no-markup_markdown.php');
+
+ $text = MarkdownWithoutMarkup($text, variable_get("marksmarty_markdown_allowed_html_$format", ''));
+
+ $text = filter_xss_admin($text);
+ } else {
+ // default markdown parser
+ $text = Markdown($text);
+ }
 }
+
 if (variable_get("marksmarty_is_smarty_on_$format", 1) == 1) {
 global $smartypants_attr;
 $smartypants_attr = variable_get("marksmarty_smarty_hyphens_$format", 0) + 1;
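Review bot: The last sanitising step in the new no-markup branch is `filter_xss_admin($text)`, whose permitted tag set is fixed and broad, so the per-format whitelist read from `marksmarty_markdown_allowed_html_$format` is enforced only inside `MarkdownWithoutMarkup()`, which this patch does not show. If that parser misses a construct, anything filter_xss_admin() tolerates (for example `img`, `div` and table markup) still reaches the page regardless of the configured whitelist. I would make the second pass honour the same list, e.g. `$text = filter_xss($text, $allowed_tags);` with `$allowed_tags` built from the setting plus the tags Markdown itself emits; how the whitelist string is delimited is not visible here, so that parsing has to match what MarkdownWithoutMarkup() expects. The `else` branch still returns `Markdown($text)` unfiltered and presumably relies on an HTML filter later in the input format, which deserves a comment such as `// Raw HTML passes through here; pair this format with an HTML filter.` The body of `_marksmarty_process()` continues past the end of the hunk.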
@@ -144,6 +156,18 @@ function _marksmarty_settings($format) {
 '#default_value' => variable_get("marksmarty_is_markdown_on_$format", 1),
 '#options' => array(0 => t('No'), 1 => t('Yes')),
 );
+ $form['markdown_settings']["marksmarty_markdown_no_markup_$format"] = array(
+ '#type' => 'select',
+ '#title' => t('Disable HTML markup in Markdown?'),
+ '#default_value' => variable_get("marksmarty_markdown_no_markup_$format", 0),
+ '#options' => array(0 => t('No'), 1 => t('Yes')),
+ );
+ $form['markdown_settings']["marksmarty_markdown_allowed_html_$format"] = array(
+ '#type' => 'textfield',
+ '#title' => t('HTML tag whitelist'),
+ '#description' => t('only applies when markup is disabled (see above)'),
+ '#default_value' => variable_get("marksmarty_markdown_allowed_html_$format", ''),
+ );
 $form['markdown_settings']["marksmarty_is_smarty_on_$format"] = array(
 '#type' => 'select',
 '#title' => t('Enable SmartyPants?'),
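Review bot: The `'#description'` on the new `marksmarty_markdown_allowed_html_$format` textfield does not say how the whitelist must be written (separator, with or without angle brackets) or what an empty value means, and nothing in this hunk validates what the administrator types. Because this value decides which raw HTML authors may post, I would spell the format out, e.g. `'#description' => t('Tags that stay allowed when HTML markup is disabled above. Format: <syntax expected by MarkdownWithoutMarkup()>.'),`. The expected syntax is not visible in this patch, so that placeholder has to be filled in from no-markup_markdown.php. The hunk starts and ends inside form-element arrays of `_marksmarty_settings()`, so the surrounding definitions are not visible here.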