Skip to content

Commit

Permalink
Process HTML comments as markdown in 'escape' safe mode
Browse files Browse the repository at this point in the history
  • Loading branch information
Crozzers committed Feb 17, 2024
1 parent 749ee72 commit 6a13cef
Show file tree
Hide file tree
Showing 4 changed files with 26 additions and 4 deletions.
23 changes: 19 additions & 4 deletions lib/markdown2.py
Original file line number Diff line number Diff line change
Expand Up @@ -1458,15 +1458,30 @@ def _is_code_span(index, token):

return re.match(r'<code>md5-[A-Fa-f0-9]{32}</code>', ''.join(peek_tokens))

def _is_comment(token):
if self.safe_mode == 'replace':
# don't bother processing each section of comment in replace mode. Just do the whole thing
return
return re.match(r'(<!--)(.*)(-->)', token)

def _hash(token):
key = _hash_text(token)
self.html_spans[key] = token
return key

tokens = []
split_tokens = self._sorta_html_tokenize_re.split(text)
is_html_markup = False
for index, token in enumerate(split_tokens):
if is_html_markup and not _is_auto_link(token) and not _is_code_span(index, token):
sanitized = self._sanitize_html(token)
key = _hash_text(sanitized)
self.html_spans[key] = sanitized
tokens.append(key)
is_comment = _is_comment(token)
if is_comment:
tokens.append(_hash(self._sanitize_html(is_comment.group(1))))
# sanitise but leave comment body intact for further markdown processing
tokens.append(self._sanitize_html(is_comment.group(2)))
tokens.append(_hash(self._sanitize_html(is_comment.group(3))))
else:
tokens.append(_hash(self._sanitize_html(token)))
else:
tokens.append(self._encode_incomplete_tags(token))
is_html_markup = not is_html_markup
Expand Down
3 changes: 3 additions & 0 deletions test/tm-cases/escape_html_comments_safe_mode.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
<p><em>foo</em> &lt;!-- <em>bar</em></p>

<p><em>foo</em> &lt;!-- <em>bar</em> --&gt;</p>
1 change: 1 addition & 0 deletions test/tm-cases/escape_html_comments_safe_mode.opts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{'safe_mode': 'escape'}
3 changes: 3 additions & 0 deletions test/tm-cases/escape_html_comments_safe_mode.text
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
*foo* <!-- *bar*

*foo* <!-- *bar* -->

0 comments on commit 6a13cef

Please sign in to comment.