From 944e4846847abc9b252f9b016158e336ffb77443 Mon Sep 17 00:00:00 2001 From: fluffy Date: Sat, 10 Oct 2020 13:21:05 -0700 Subject: [PATCH] Add HTML escaping to code blocks (#631) --- isso/tests/test_html.py | 10 ++++++++++ isso/utils/html.py | 5 +++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/isso/tests/test_html.py b/isso/tests/test_html.py index f7f497c..f92f30a 100644 --- a/isso/tests/test_html.py +++ b/isso/tests/test_html.py @@ -98,3 +98,13 @@ class TestHTML(unittest.TestCase): self.assertIn(renderer("http://example.org/ and sms:+1234567890"), ['

http://example.org/ and sms:+1234567890

', '

http://example.org/ and sms:+1234567890

']) + + def test_code_blocks(self): + convert = html.Markdown(extensions=('fenced-code',)) + examples = [ + ("```\nThis is a code-fence. \n```", "

This is a code-fence. <hello>\n

"), + ("```c++\nThis is a code-fence. \n```", "

This is a code-fence. <hello>\n

"), + (" This is a four-character indent. ", "

This is a four-character indent. <hello>\n

")] + + for (input, expected) in examples: + self.assertEqual(convert(input), expected) diff --git a/isso/utils/html.py b/isso/utils/html.py index 1bbd8e6..a694562 100644 --- a/isso/utils/html.py +++ b/isso/utils/html.py @@ -1,6 +1,7 @@ # -*- encoding: utf-8 -*- from __future__ import unicode_literals +import html import bleach import misaka @@ -74,8 +75,8 @@ class Unofficial(misaka.HtmlRenderer): """ def blockcode(self, text, lang): - lang = ' class="{0}"'.format(lang) if lang else '' - return "
{0}
\n".format(text, lang) + lang = ' class="{0}"'.format(html.escape(lang)) if lang else '' + return "
{0}
\n".format(html.escape(text,False), lang) class Markup(object):