Added settings to not escape mailto links in markdown from chunks

[oleast]

What kind of a pull request is this?

• QA / Code Review

Code Checklist

• The code follows dotkom code style
• The code passes the defined tests
• I have added tests for the code I added
• I have provided documentation for the code I added
• The code is ready to be merged

Description of changes

Fixes #1855

default settings for django-markdown-deux is to escape mailto links.

This change lets markdown render unsafe elements.

[sklirg]

Is there a way to whitelist elements rather than turning off safe mode globally for all markdown? I'm not that familiar with what you technically can achieve with markdown in terms of XSS etc., so if this is the only possible solution we should be aware of the risks.

[oleast]

It may or may not be possible to do with a link pattern
Not sure if i understand correctly about the default behavior, if only http(s) and ftp link are supported, or that you could write a link pattern which makes it possible.

[sklirg]

Looks like there's an open issue regarding this: trentm/python-markdown2#257

So yeah, extending the link pattern to include mailto links sounds like the best choice in my opinion.

[plusk]

ahahahh yeah man me too i love link patterns

@oleast, do we "extend the link pattern to include mailto links", accept the potential risks of merging this, or close it?

[oleast]

I would say close it, or merge it. I have tried to get this working with link patterns, and have not been able to do so.

There now seems to be an error in python-markdown2 (trentm/python-markdown2/issues/285) which lets you use XSS, so it's not safe in safe-mode either.

[plusk]

Better safe than sorry! Closing and deleting branch.