summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Bump version to 3.3.53.3.5Waylan Limberg2021-11-162-2/+2
|
* Support Python 3.10Waylan Limberg2021-11-165-12/+16
| | | Fixes #1124.
* Ensure <summary> tags are parsed correctly.Waylan Limberg2021-11-034-3/+25
| | | | Fixes #1079.
* Fix one more misplaced changelog entryDmitry Shachnev2021-08-112-2/+2
| | | | | | PR #1102 was included in 3.3.4, not 3.3.0. Also fix a typo in another changelog entry.
* Improve email address validation for Automatic LinksCarlos2021-08-113-4/+68
|
* Fix changelog entry in wrong placefacelessuser2021-08-092-1/+1
| | | | | Changelog entry from hash e11cd255cae5fd3c5ef5fdd6352cd28e212fd328 was placed in the wrong place.
* Re-use compiled regex for block level checksHebaruSan2021-08-092-1/+4
|
* Don't process shebangs in codehilite when processing fenced codeIsaac Muse2021-08-045-3/+37
| | | Fixes #1156.
* Fix cache error in CIfacelessuser2021-08-041-1/+1
| | | | | If cache is desired, we should look into this in the future and do it properly.
* Remove download_url from setup.py (#1164)Waylan Limberg2021-07-301-1/+0
| | | | This is an old, outdated key which is simply moved into `project_urls`. As it offers no value, it is being removed. Fixes Python-Markdown#1163.
* Better toc detectionCharles de Beauchesne2021-07-273-1/+15
| | | Fixes #1160.
* add cache to workflows using actions/setup-nodeOscar Dominguez2021-07-061-1/+2
|
* document footnote's need for reset() between multiple runsPeter Kaminski2021-07-061-0/+28
| | | | | | The footnote docs page doesn't mention the need to run `reset()` between multiple runs of the `markdown.Markdown` class. This change adapts and adds language from the `extensions/api.md` page to explain what to do and why.
* Remove SO attributions to sidestep licensing greynessJarek Głowacki2021-07-011-9/+12
|
* Newline at end of READMEAli Hosseinverdi2021-06-151-0/+1
|
* Fix missing space in CLI option helpjohnthagen2021-06-011-1/+1
|
* Fix link to extensions tutorialJannis Vajen2021-05-261-1/+1
| | | The previous link was pointing at a stale wiki page.
* Fix cubic ReDoS in fenced code and referencesB. Caller2021-05-072-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Two regular expressions were vulerable to Regular Expression Denial of Service (ReDoS). Crafted strings containing a long sequence of spaces could cause Denial of Service by making markdown take a long time to process. This represents a vulnerability when untrusted user input is processed with the markdown package. ReferencesProcessor: https://github.com/Python-Markdown/markdown/blob/4acb949256adc535d6e6cd8/markdown/blockprocessors.py#L559-L563 e.g.: ```python import markdown markdown.markdown('[]:0' + ' ' * 4321 + '0') ``` FencedBlockPreprocessor (requires fenced_code extension): https://github.com/Python-Markdown/markdown/blob/a11431539d08e14b0bd821c/markdown/extensions/fenced_code.py#L43-L54 e.g.: ```python import markdown markdown.markdown('```' + ' ' * 4321, extensions=['fenced_code']) ``` Both regular expressions had cubic worst-case complexity, so doubling the number of spaces made processing take 8 times as long. The cubic behaviour can be seen as follows: ``` $ time python -c "import markdown; markdown.markdown('[]:0' + ' ' * 1000 + '0')" python -c "import markdown; markdown.markdown('[]:0' + ' ' * 1000 + '0')" 1.25s user 0.02s system 99% cpu 1.271 total $ time python -c "import markdown; markdown.markdown('[]:0' + ' ' * 2000 + '0')" python -c "import markdown; markdown.markdown('[]:0' + ' ' * 2000 + '0')" 9.01s user 0.02s system 99% cpu 9.040 total $ time python -c "import markdown; markdown.markdown('[]:0' + ' ' * 4000 + '0')" python -c "import markdown; markdown.markdown('[]:0' + ' ' * 4000 + '0')" 74.86s user 0.27s system 99% cpu 1:15.38 total ``` Both regexes had three `[ ]*` groups separated by optional groups, in effect making the regex `[ ]*[ ]*[ ]*`. Discovered using [regexploit](https://github.com/doyensec/regexploit).
* Fix minor typosMatthieu Bacconnier2021-05-021-6/+6
|
* toc: Do not remove diacritical marks when slugify_unicode is usedDmitry Shachnev2021-03-243-8/+25
| | | | | | | Update the existing test and add a new one to make sure that the behavior of default slugify function has not changed. Fixes #1118.
* Bump version to 3.3.43.3.4Waylan Limberg2021-02-242-2/+2
|
* Ensure permalinks and ankorlinks are not restricted by toc_depthWaylan Limberg2021-02-246-217/+426
| | | | | | | | | | | | This fixes a regression which was introduced with support for toc_depth. Relevant tests have been moved and updated to the new framework. Fixes #1107. The test framework also received an addition. The assertMarkdownRenders method now accepts a new keyword expected_attrs which consists of a dict of attrs and expected values. Each is checked against the attr of the Markdown instance. This was needed to check the value of md.toc and md.toc_tokens in some of the included tests.
* Fix minor grammatical errorTani N-K2021-02-151-1/+1
| | | | Corrected "shorte" to "short"
* Replace links to freewisdom.orgWaylan Limberg2021-02-064-6/+5
| | | | | | | | | Yuri's site (freewisdom.org) has gone offline. I have linked to his GitHub profile instead. Also, the developer's email address (markdown@freewisdom.org) has been replaced with a new address (python.markdown@gmail.com). The new address simply forwards all incoming messages to the project developer (@waylan) and deletes the messages.
* Ensure admonition content is detabbed properlyIsaac Muse2021-02-054-11/+48
|
* Add an HtmlStash section to docsCris Luengo2021-01-281-0/+19
|
* Preserve text immediately before an admonitionOleh Prypin2020-12-303-0/+24
|
* Optimize away a `len` call in InlineProcessorOleh Prypin2020-12-211-1/+2
| | | | | | - just get the length once at the beginning. The gains are tiny but when the total number of calls to these is in the hundreds of thousands, it makes a sizeable difference.
* Replace effbot.org linksWaylan Limberg2020-12-081-4/+3
| | | | | | | effbot.org was the old site for ElementTree from before it was added to the Python standard library. We now link to the standard library which is up-to-date and avoid bad links to a third-party site which is currently down.
* Use simplified regex for html placeholders (#1086)Waylan Limberg2020-12-083-2/+26
| | | Co-authored-by: Reilly Raab <raabrp@gmail.com>
* Add quick start documentation (#1078)nathanfdunn2020-11-301-3/+13
|
* Properly parse unclosed tags in code spansWaylan Limberg2020-11-234-0/+158
| | | | | | | * fix unclosed pi in code span * fix unclosed dec in code span * fix unclosed tag in code span Closes #1066.
* Properly parse processing instructions in md_in_htmlWaylan Limberg2020-11-193-4/+52
| | | | | | | Empty tags do not have a `mardkown` attribute set on them. Therefore, there is no need to check the mdstack to determine behavior. If we are in any md_in_html state (regardless of block, span, etc) the behavior is the same. Fixes #1070.
* Properly parse code spans in md_in_html (#1069)Waylan Limberg2020-11-184-15/+92
| | | | | | | | | | This reverts part of 2766698 and re-implements handling of tails in the same manner as the core. Also, ensure line_offset doesn't raise an error on bad input (see #1066) and properly handle script tags in code spans (same as in the core). Fixes #1068.
* Bump version to 3.3.33.3.3Waylan Limberg2020-10-252-2/+2
|
* Fix issues related to hr tagsIsaac Muse2020-10-245-6/+271
| | | | | | | | | | | Ensure that start/end tag handler does not include tags in the previous paragraph. Provide special handling for tags like hr that never have content. Use sets for block tag lists as they are much faster when comparing if an item is in the list. Fixes #1053.
* Avoid catastrophic backtracking in `hr` regexWaylan Limberg2020-10-243-5/+28
| | | | Fixes #1055.
* Add require_changelog workflow action (#1051)Waylan Limberg2020-10-231-0/+24
| | | | | | | | | | | | | This action checks that an update was made to any file in docs/change_log/ but only if changes were made to files in markdown/. Presumably, any changes outside of markdown/ do not affect the behavior and do not require a notation in the change_log. If the proper permissions are available, a comment is added to the PR informing the PR author that an update to the changelog is missing. However, any PR's from forks do not have permission on the pull_request event. Unfortunately, the pull_request_target event doesn't seem to work at all. However, as the action only attempts to add a comment on failure, we only get a failure in the correct conditions, even if the error message is related to auth.
* Ensure when tag text is None that it is converted to empty stringIsaac Muse2020-10-213-0/+21
| | | Fixes #1049
* Unify all block-level tags. (#1048)Waylan Limberg2020-10-205-36/+37
| | | | | | Use the list of tags defined in the core by the md_in_html extension. This ensures that the lists do not diverge and allows users and/or extensions to expand the list in the core and have that change affect the extension. Fixes #1047.
* Bump version to 3.3.23.3.2Waylan Limberg2020-10-193-1/+36
|
* Properly parse inline HTML in md_in_htmlIsaac Muse2020-10-192-5/+191
| | | Fixes #1040 and fixes #1045.
* Account for Etree Elements in HTML StashWaylan Limberg2020-10-143-2/+33
| | | | | | | | | | | | | | | | By calling str on all stash elements we ensure they don't raise an error. Worse case, soemthing like `<Element 'div' at 0x000001B2DAE94900>` gets inserted into the output. However, with the override in the md_in_html extension, we actually serialize and reinsert the original HTML. Worse case, an HTML block which should be parsed as Markdown gets skipped by the extension (`<div markdown="block"></div>` gets inserting into the output). The tricky part is testing as there should be no known cases where this ever occurs. Therefore, we forefully pass an etree Element directly to the method in the test. That said, as #1040 is unresolved at this point, I have tested locally with a real existing case and it works well. Related to #1040.
* Bump version to 3.3.13.3.1Waylan Limberg2020-10-123-5/+5
|
* Correctly parse raw `script` and `style` tags. (#1038)Waylan Limberg2020-10-123-0/+156
| | | | | | | * Ensure unclosed script tags are parsed correctly by providing a workaround for https://bugs.python.org/issue41989. * Avoid cdata_mode outside of HTML blocks, such as in inline code spans. Fixes #1036.
* Skip tests with pygments version mismatch.Waylan Limberg2020-10-082-261/+282
| | | | | | | | If pygments is installed and the version doesn't match the expected version. then any relevant tests will fail. To avoid failing tests due to different output by pygments, those tests will be skipped. The pygments tox env sets the `PYGMENTS_VERSION environment variable, so that env will always run those tests against the expected version.
* Some test tweaks.Waylan Limberg2020-10-083-4/+14
| | | | | | | | | | * Pygments specific tests now only run when the pygments version installed matches the expected version. That version is defined in an environment variable (PYGMENTS_VERSION) in the 'pygments' tox env (see #1030). * When the Python lib tidylib is installed but the underlying c lib is not, the relevant tests are now skipped rather than fail. This matches the behavior when the Python lib is not installed. The tox envs are now useful on systems which don't have the c lib installed.
* Ensure consistent handling of classes by fenced_code and codehilite (#1033)Waylan Limberg2020-10-084-27/+30
| | | | | | | * All non-language classes should always be assigned to the pre tag. * The language identifying class should never be included with the general list of classes. Fixes #1032
* Update tests for pygments-2.7.1Michał Górny2020-10-073-13/+13
| | | | Closes #1030
* Bump version to 3.3.3.3Waylan Limberg2020-10-062-2/+2
|
View Lorry Controller Status