diff --git a/src/pretix/base/templatetags/rich_text.py b/src/pretix/base/templatetags/rich_text.py
new file mode 100644
index 000000000..5ca9b48be
--- /dev/null
+++ b/src/pretix/base/templatetags/rich_text.py
@@ -0,0 +1,45 @@
+import bleach
+import markdown
+from django import template
+from django.utils.safestring import mark_safe
+
+register = template.Library()
+
+ALLOWED_TAGS = [
+ 'a',
+ 'abbr',
+ 'acronym',
+ 'b',
+ 'blockquote',
+ 'code',
+ 'em',
+ 'i',
+ 'li',
+ 'ol',
+ 'strong',
+ 'ul',
+ 'p',
+ 'table',
+ 'tbody',
+ 'thead',
+ 'tr',
+ 'td',
+ 'th',
+]
+
+ALLOWED_ATTRIBUTES = {
+ 'a': ['href', 'title'],
+ 'abbr': ['title'],
+ 'acronym': ['title'],
+ 'table': ['width'],
+ 'td': ['width', 'align'],
+}
+
+
+@register.filter
+def rich_text(text: str, **kwargs):
+ """
+ Processes markdown and cleans HTML in a text input.
+ """
+ body_md = bleach.linkify(bleach.clean(markdown.markdown(text), tags=ALLOWED_TAGS, attributes=ALLOWED_ATTRIBUTES))
+ return mark_safe(body_md)
diff --git a/src/pretix/presale/templates/pretixpresale/event/index.html b/src/pretix/presale/templates/pretixpresale/event/index.html
index c2c1f8204..12e9149ec 100644
--- a/src/pretix/presale/templates/pretixpresale/event/index.html
+++ b/src/pretix/presale/templates/pretixpresale/event/index.html
@@ -4,7 +4,7 @@
{% load eventurl %}
{% load thumbnail %}
{% load eventsignal %}
-{% load markup_tags %}
+{% load rich_text %}
{% block title %}{% trans "Presale" %}{% endblock %}
{% block content %}
@@ -69,7 +69,7 @@
{% endif %}
{% if frontpage_text %}
- {{ frontpage_text|apply_markup:"markdown"|linebreaks }}
+ {{ frontpage_text|rich_text }}
{% endif %}
{% eventsignal event "pretix.presale.signals.front_page_top" %}
{% if event.presale_is_running or event.settings.show_items_outside_presale_period %}
@@ -81,7 +81,7 @@
{% if tup.0 %}
{{ tup.0.name }}
{% if tup.0.description %}
- {{ tup.0.description|localize|apply_markup:"markdown" }}
+ {{ tup.0.description|localize|rich_text }}
{% endif %}
{% endif %}
{% for item in tup.1 %}
@@ -100,7 +100,7 @@
{{ item.name }}
- {% if item.description %}{{ item.description|localize|apply_markup:"markdown" }}
+ {% if item.description %}{{ item.description|localize|rich_text }}
{% endif %}
@@ -176,7 +176,7 @@
{% endif %}
{{ item.name }}
{% if item.description %}
-
{{ item.description|localize|apply_markup:"markdown" }}
{% endif %}
+
{{ item.description|localize|rich_text }}
{% endif %}
{% if event.settings.show_quota_left %}
{% include "pretixpresale/event/fragment_quota_left.html" with avail=item.cached_availability %}
{% endif %}
diff --git a/src/pretix/presale/templates/pretixpresale/event/voucher.html b/src/pretix/presale/templates/pretixpresale/event/voucher.html
index e5a0c1d40..b5df5273a 100644
--- a/src/pretix/presale/templates/pretixpresale/event/voucher.html
+++ b/src/pretix/presale/templates/pretixpresale/event/voucher.html
@@ -4,7 +4,7 @@
{% load eventurl %}
{% load eventsignal %}
{% load thumbnail %}
-{% load markup_tags %}
+{% load rich_text %}
{% block title %}{% trans "Voucher redemption" %}{% endblock %}
{% block content %}
@@ -36,7 +36,7 @@
{% endif %}
{{ item.name }}
- {% if item.description %}
{{ item.description|localize|apply_markup:"markdown" }}
{% endif %}
+ {% if item.description %}
{{ item.description|localize|rich_text }}
{% endif %}
{% if item.min_price != item.max_price or item.free_price %}
@@ -110,7 +110,7 @@
{% endif %}
{{ item.name }}
{% if item.description %}
-
{{ item.description|localize|apply_markup:"markdown" }}
{% endif %}
+
{{ item.description|localize|rich_text }}
{% endif %}
{% if item.free_price %}
diff --git a/src/pretix/presale/views/event.py b/src/pretix/presale/views/event.py
index 8a112162e..7d0566131 100644
--- a/src/pretix/presale/views/event.py
+++ b/src/pretix/presale/views/event.py
@@ -99,6 +99,7 @@ class EventIndex(EventViewMixin, CartMixin, TemplateView):
context['vouchers_exist'] = vouchers_exist
context['cart'] = self.get_cart()
+
context['frontpage_text'] = str(self.request.event.settings.frontpage_text)
return context