| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
| |
In addition to checking the spelling in our documentation, we are now also checking the spelling of the README.md and similar files as well as comments in our Python code.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The `NOT_STRONG_RE` regex matchs 1, 2, or 3 * or _ which are surrounded by
white space to prevent them from being parsed as tokens. However, the
surrounding white space should not be consumed by the regex, which is why
lookhead and lookbehind assertions are used. As `^` cannot be matched in a
lookbehind assertion, it is left outside the assertion, but as it is zero
length, that should not matter.
Tests added and/or updated to cover various edge cases. Fixes #1300.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are small typos in:
- docs/extensions/fenced_code_blocks.md
- docs/extensions/meta_data.md
- markdown/extensions/codehilite.py
- markdown/extensions/footnotes.py
- tests/test_legacy.py
Fixes:
- Should read `delimiters` rather than `deliminators`.
- Should read `shebang` rather than `sheband`.
- Should read `processing` rather than `proccesing`.
- Should read `backslash` rather than `blackslash`.
Signed-off-by: Tim Gates <tim.gates@iress.com>
|
| | |
|
| |
|
|
| |
Fixes #1274.
|
| |
|
| |
Cleaned up the release notes.
|
| |
|
|
|
|
|
|
|
|
| |
By unescaping backslash escapes in a treeprocessor, the text is properly
escaped during serialization. Fixes #1131.
As it is recognized that various third-party extensions may be calling the
old class at `postprocessors.UnescapePostprocessor` the old class remains
in the codebase, but has been deprecated and will be removed in a future
release. The new class `treeprocessors.UnescapeTreeprocessor` should be
used instead.
|
| | |
|
| |
|
| |
Lines in 409 and 410 are part of an if-condition-block. However, they are called identically L411 and L412 outside of the if-block anyways. Fixes #1267.
|
| |
|
| |
This completely removes all objects which were deprecated in version 3.0 (this change will be included in version 3.4). Given the time that has passed, and the fact that older unmaintained extensions are not likely to support the new minimum Python version, this is little concern about breaking older extensions.
|
| |
|
| |
Fixes #1263.
|
| |
|
| |
Fixes #1261.
|
| |
|
|
|
|
|
|
| |
Python dropped support on 2021-12-23. Our policy (#760) is to drop
support on the next point release after Python does.
* Remove py36 tests
* Test multiple recent versions of pypy
* Remove pep562 backport
|
| | |
|
| |
|
|
|
|
|
|
| |
* Add an extra option `lang_str` to pass the language of the code block
to the specified Pygments formatter.
* Include an example custom Pygments formatter in the documentation
that includes the language of the code in the output using the new option.
Resolves #1255.
|
| | |
|
| | |
|
| |
|
|
|
| |
This adds configuration support for using a custom Pygments formatter,
either by giving the string name, or a custom formatter class (or
callable).
|
| |
|
| |
Closes #1224
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* footnotes: Allow to use backlink title without footnote number
- The placeholder '{}' is optional. So a user can choose to include or
not the footnote number in the backlink text.
- The modification is backward compatible with configurations using
the old '%d' placeholder.
* footnotes: Allow to use custom superscript text
- The addition of a new SUPERSCRIPT_TEXT option allows to specify
a placeholder receiving the footnote number for the superscript text.
|
| |
|
|
|
|
|
|
|
|
| |
This allows better interoperation with CSS style sheets, as the align
object on the TH is skipped if the css uses 'text-align: inherit' and
the previous 'text-align' is used instead (or the default: left).
Added an override to restore the original `align` behavior
Moved existing tests to the new test infrastructure
Added new tests to test the configuration parameter
Updated documentation to document the configuration parameter.
|
| | |
|
| |
|
| |
Fixes #1247.
|
| |
|
|
|
|
|
|
|
| |
This fixes a bug where any subsequent highlighted block with codehilite
would result in the omission of the style setting, because it was popped
off the dict. It would then fall back to pygments_style 'default' after
the first block.
Fixes #1240
|
| | |
|
| | |
|
| |
|
|
|
|
| |
We already disallow right square brackets. This also disallows left
square brackets, which ensures link references will be less likely
to collide with standard links in some weird edge cases. Fixes #1209.
|
| | |
|
| | |
|
| |
|
| |
Fixes #1124.
|
| |
|
|
| |
Fixes #1079.
|
| | |
|
| | |
|
| |
|
| |
Fixes #1156.
|
| |
|
| |
Fixes #1160.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two regular expressions were vulerable to Regular Expression Denial of
Service (ReDoS).
Crafted strings containing a long sequence of spaces could cause Denial
of Service by making markdown take a long time to process.
This represents a vulnerability when untrusted user input is processed
with the markdown package.
ReferencesProcessor:
https://github.com/Python-Markdown/markdown/blob/4acb949256adc535d6e6cd8/markdown/blockprocessors.py#L559-L563
e.g.:
```python
import markdown
markdown.markdown('[]:0' + ' ' * 4321 + '0')
```
FencedBlockPreprocessor (requires fenced_code extension):
https://github.com/Python-Markdown/markdown/blob/a11431539d08e14b0bd821c/markdown/extensions/fenced_code.py#L43-L54
e.g.:
```python
import markdown
markdown.markdown('```' + ' ' * 4321, extensions=['fenced_code'])
```
Both regular expressions had cubic worst-case complexity, so doubling
the number of spaces made processing take 8 times as long.
The cubic behaviour can be seen as follows:
```
$ time python -c "import markdown; markdown.markdown('[]:0' + ' ' * 1000 + '0')"
python -c "import markdown; markdown.markdown('[]:0' + ' ' * 1000 + '0')" 1.25s user 0.02s system 99% cpu 1.271 total
$ time python -c "import markdown; markdown.markdown('[]:0' + ' ' * 2000 + '0')"
python -c "import markdown; markdown.markdown('[]:0' + ' ' * 2000 + '0')" 9.01s user 0.02s system 99% cpu 9.040 total
$ time python -c "import markdown; markdown.markdown('[]:0' + ' ' * 4000 + '0')"
python -c "import markdown; markdown.markdown('[]:0' + ' ' * 4000 + '0')" 74.86s user 0.27s system 99% cpu 1:15.38 total
```
Both regexes had three `[ ]*` groups separated by optional groups, in
effect making the regex `[ ]*[ ]*[ ]*`.
Discovered using [regexploit](https://github.com/doyensec/regexploit).
|
| | |
|
| |
|
|
|
|
|
| |
Update the existing test and add a new one to make sure that the
behavior of default slugify function has not changed.
Fixes #1118.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This fixes a regression which was introduced with support for toc_depth.
Relevant tests have been moved and updated to the new framework.
Fixes #1107.
The test framework also received an addition. The assertMarkdownRenders
method now accepts a new keyword expected_attrs which consists of a dict
of attrs and expected values. Each is checked against the attr of the
Markdown instance. This was needed to check the value of md.toc and
md.toc_tokens in some of the included tests.
|
| |
|
|
| |
Corrected "shorte" to "short"
|
| | |
|
| | |
|
