| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
| |
Cleaned up the release notes.
|
| |
|
|
|
|
|
|
|
|
| |
By unescaping backslash escapes in a treeprocessor, the text is properly
escaped during serialization. Fixes #1131.
As it is recognized that various third-party extensions may be calling the
old class at `postprocessors.UnescapePostprocessor` the old class remains
in the codebase, but has been deprecated and will be removed in a future
release. The new class `treeprocessors.UnescapeTreeprocessor` should be
used instead.
|
| | |
|
| |
|
| |
Lines in 409 and 410 are part of an if-condition-block. However, they are called identically L411 and L412 outside of the if-block anyways. Fixes #1267.
|
| |
|
| |
This completely removes all objects which were deprecated in version 3.0 (this change will be included in version 3.4). Given the time that has passed, and the fact that older unmaintained extensions are not likely to support the new minimum Python version, this is little concern about breaking older extensions.
|
| |
|
| |
Fixes #1263.
|
| |
|
| |
Fixes #1261.
|
| |
|
|
|
|
|
|
| |
Python dropped support on 2021-12-23. Our policy (#760) is to drop
support on the next point release after Python does.
* Remove py36 tests
* Test multiple recent versions of pypy
* Remove pep562 backport
|
| | |
|
| |
|
|
|
|
|
|
| |
* Add an extra option `lang_str` to pass the language of the code block
to the specified Pygments formatter.
* Include an example custom Pygments formatter in the documentation
that includes the language of the code in the output using the new option.
Resolves #1255.
|
| | |
|
| | |
|
| |
|
|
|
| |
This adds configuration support for using a custom Pygments formatter,
either by giving the string name, or a custom formatter class (or
callable).
|
| |
|
| |
Closes #1224
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* footnotes: Allow to use backlink title without footnote number
- The placeholder '{}' is optional. So a user can choose to include or
not the footnote number in the backlink text.
- The modification is backward compatible with configurations using
the old '%d' placeholder.
* footnotes: Allow to use custom superscript text
- The addition of a new SUPERSCRIPT_TEXT option allows to specify
a placeholder receiving the footnote number for the superscript text.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This allows better interoperation with CSS style sheets, as the align
object on the TH is skipped if the css uses 'text-align: inherit' and
the previous 'text-align' is used instead (or the default: left).
Added an override to restore the original `align` behavior
Moved existing tests to the new test infrastructure
Added new tests to test the configuration parameter
Updated documentation to document the configuration parameter.
|
| | |
|
| |
|
|
| |
Replaces CLI action run through tox.
Closes #1243.
|
| |
|
| |
Fixes #1247.
|
| |
|
|
|
|
|
|
|
| |
This fixes a bug where any subsequent highlighted block with codehilite
would result in the omission of the style setting, because it was popped
off the dict. It would then fall back to pygments_style 'default' after
the first block.
Fixes #1240
|
| | |
|
| | |
|
| |
|
|
|
|
| |
We already disallow right square brackets. This also disallows left
square brackets, which ensures link references will be less likely
to collide with standard links in some weird edge cases. Fixes #1209.
|
| | |
|
| | |
|
| | |
|
| |
|
| |
Fixes #1124.
|
| |
|
|
| |
Fixes #1079.
|
| |
|
|
|
|
| |
PR #1102 was included in 3.3.4, not 3.3.0.
Also fix a typo in another changelog entry.
|
| | |
|
| |
|
|
|
| |
Changelog entry from hash e11cd255cae5fd3c5ef5fdd6352cd28e212fd328
was placed in the wrong place.
|
| | |
|
| |
|
| |
Fixes #1156.
|
| |
|
|
|
| |
If cache is desired, we should look into this in the future and do it
properly.
|
| |
|
|
| |
This is an old, outdated key which is simply moved into `project_urls`. As it offers no value, it is being removed.
Fixes Python-Markdown#1163.
|
| |
|
| |
Fixes #1160.
|
| | |
|
| |
|
|
|
|
| |
The footnote docs page doesn't mention the need to run `reset()` between multiple runs of the `markdown.Markdown` class.
This change adapts and adds language from the `extensions/api.md` page to explain what to do and why.
|
| | |
|
| | |
|
| | |
|
| |
|
| |
The previous link was pointing at a stale wiki page.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two regular expressions were vulerable to Regular Expression Denial of
Service (ReDoS).
Crafted strings containing a long sequence of spaces could cause Denial
of Service by making markdown take a long time to process.
This represents a vulnerability when untrusted user input is processed
with the markdown package.
ReferencesProcessor:
https://github.com/Python-Markdown/markdown/blob/4acb949256adc535d6e6cd8/markdown/blockprocessors.py#L559-L563
e.g.:
```python
import markdown
markdown.markdown('[]:0' + ' ' * 4321 + '0')
```
FencedBlockPreprocessor (requires fenced_code extension):
https://github.com/Python-Markdown/markdown/blob/a11431539d08e14b0bd821c/markdown/extensions/fenced_code.py#L43-L54
e.g.:
```python
import markdown
markdown.markdown('```' + ' ' * 4321, extensions=['fenced_code'])
```
Both regular expressions had cubic worst-case complexity, so doubling
the number of spaces made processing take 8 times as long.
The cubic behaviour can be seen as follows:
```
$ time python -c "import markdown; markdown.markdown('[]:0' + ' ' * 1000 + '0')"
python -c "import markdown; markdown.markdown('[]:0' + ' ' * 1000 + '0')" 1.25s user 0.02s system 99% cpu 1.271 total
$ time python -c "import markdown; markdown.markdown('[]:0' + ' ' * 2000 + '0')"
python -c "import markdown; markdown.markdown('[]:0' + ' ' * 2000 + '0')" 9.01s user 0.02s system 99% cpu 9.040 total
$ time python -c "import markdown; markdown.markdown('[]:0' + ' ' * 4000 + '0')"
python -c "import markdown; markdown.markdown('[]:0' + ' ' * 4000 + '0')" 74.86s user 0.27s system 99% cpu 1:15.38 total
```
Both regexes had three `[ ]*` groups separated by optional groups, in
effect making the regex `[ ]*[ ]*[ ]*`.
Discovered using [regexploit](https://github.com/doyensec/regexploit).
|
| | |
|
| |
|
|
|
|
|
| |
Update the existing test and add a new one to make sure that the
behavior of default slugify function has not changed.
Fixes #1118.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This fixes a regression which was introduced with support for toc_depth.
Relevant tests have been moved and updated to the new framework.
Fixes #1107.
The test framework also received an addition. The assertMarkdownRenders
method now accepts a new keyword expected_attrs which consists of a dict
of attrs and expected values. Each is checked against the attr of the
Markdown instance. This was needed to check the value of md.toc and
md.toc_tokens in some of the included tests.
|
| |
|
|
| |
Corrected "shorte" to "short"
|
| |
|
|
|
|
|
|
|
| |
Yuri's site (freewisdom.org) has gone offline. I have linked to his
GitHub profile instead. Also, the developer's email address
(markdown@freewisdom.org) has been replaced with a new address
(python.markdown@gmail.com). The new address simply forwards all
incoming messages to the project developer (@waylan) and deletes the
messages.
|
