# HG changeset patch # User Goffi # Date 1553498040 -3600 # Node ID e1207b8ad97cb1c70b6e8bdc18733c2dc18cf18c # Parent 6b00f88316bf4eb861d83e7e6784e6c278fd7afb plugin text syntaxes: disable raw HTML parsing in mardown by default diff -r 6b00f88316bf -r e1207b8ad97c sat/plugins/plugin_misc_text_syntaxes.py --- a/sat/plugins/plugin_misc_text_syntaxes.py Mon Mar 25 07:08:26 2019 +0100 +++ b/sat/plugins/plugin_misc_text_syntaxes.py Mon Mar 25 08:14:00 2019 +0100 @@ -17,12 +17,13 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . +import re +from cgi import escape +from functools import partial from sat.core.i18n import _, D_ from sat.core.constants import Const as C from sat.core.log import getLogger -log = getLogger(__name__) - from twisted.internet import defer from twisted.internet.threads import deferToThread from sat.core import exceptions @@ -36,9 +37,8 @@ raise exceptions.MissingModule( u"Missing module lxml, please download/install it from http://lxml.de/" ) -from cgi import escape -import re +log = getLogger(__name__) CATEGORY = D_("Composition") NAME = "Syntax" @@ -199,6 +199,14 @@ ) try: import markdown, html2text + from markdown.extensions import Extension + + # XXX: we disable raw HTML parsing by default, to avoid parsing error + # when the user is not aware of markdown and HTML + class EscapeHTML(Extension): + def extendMarkdown(self, md): + md.preprocessors.deregister('html_block') + md.inlinePatterns.deregister('html') def _html2text(html, baseurl=""): h = html2text.HTML2Text(baseurl=baseurl) @@ -207,7 +215,7 @@ self.addSyntax( self.SYNTAX_MARKDOWN, - markdown.markdown, + partial(markdown.markdown, extensions=[EscapeHTML()]), _html2text, [TextSyntaxes.OPT_DEFAULT], )