changeset 2873:e1207b8ad97c

plugin text syntaxes: disable raw HTML parsing in mardown by default
author Goffi <goffi@goffi.org>
date Mon, 25 Mar 2019 08:14:00 +0100
parents 6b00f88316bf
children da0193ae1c24
files sat/plugins/plugin_misc_text_syntaxes.py
diffstat 1 files changed, 13 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/sat/plugins/plugin_misc_text_syntaxes.py	Mon Mar 25 07:08:26 2019 +0100
+++ b/sat/plugins/plugin_misc_text_syntaxes.py	Mon Mar 25 08:14:00 2019 +0100
@@ -17,12 +17,13 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import re
+from cgi import escape
+from functools import partial
 from sat.core.i18n import _, D_
 from sat.core.constants import Const as C
 from sat.core.log import getLogger
 
-log = getLogger(__name__)
-
 from twisted.internet import defer
 from twisted.internet.threads import deferToThread
 from sat.core import exceptions
@@ -36,9 +37,8 @@
     raise exceptions.MissingModule(
         u"Missing module lxml, please download/install it from http://lxml.de/"
     )
-from cgi import escape
-import re
 
+log = getLogger(__name__)
 
 CATEGORY = D_("Composition")
 NAME = "Syntax"
@@ -199,6 +199,14 @@
         )
         try:
             import markdown, html2text
+            from markdown.extensions import Extension
+
+            # XXX: we disable raw HTML parsing by default, to avoid parsing error
+            #      when the user is not aware of markdown and HTML
+            class EscapeHTML(Extension):
+                def extendMarkdown(self, md):
+                    md.preprocessors.deregister('html_block')
+                    md.inlinePatterns.deregister('html')
 
             def _html2text(html, baseurl=""):
                 h = html2text.HTML2Text(baseurl=baseurl)
@@ -207,7 +215,7 @@
 
             self.addSyntax(
                 self.SYNTAX_MARKDOWN,
-                markdown.markdown,
+                partial(markdown.markdown, extensions=[EscapeHTML()]),
                 _html2text,
                 [TextSyntaxes.OPT_DEFAULT],
             )