Issue 2551283
Created on 2023-07-05 21:29 by rouilj, last changed 2023-07-25 20:36 by rouilj.
msg7796 |
Author: [hidden] (rouilj) |
Date: 2023-07-05 21:29 |
|
Markdown2's 2.4.9 release removed the method we were using to prevent
data and javascript urls schemes. As a result it also causes linking designators
(class123) to fail.
See:
https://github.com/trentm/python-markdown2/issues/517
for details.
After the 2.3.0 release this patch:
* works like it used to for 2.4.8
* errors for 2.4.9
* limits to http/https for 2.4.10.
It still needs work to maybe include mailto, ftp etc. It does not use the scheme blackist
that the other 2 markdown and reST formatters do. So it can't be overridden from
interfaces.py. This needs to be fixed before it gets checked in.
==============
diff -r f2c588128202 roundup/cgi/templating.py
--- a/roundup/cgi/templating.py Tue Jul 04 23:47:25 2023 -0400
+++ b/roundup/cgi/templating.py Wed Jul 05 17:09:00 2023 -0400
@@ -60,11 +60,19 @@
try:
import markdown2
import re
-
- class Markdown(markdown2.Markdown):
- # don't allow disabled protocols in links
- _safe_protocols = re.compile('(?!' + ':|'.join([
- re.escape(s) for s in _disable_url_schemes])
+
+ markdown2_vi = markdown2.__version_info__
+ if markdown2_vi > (2, 4, 9):
+ class Markdown(markdown2.Markdown):
+ # only allow http/https in links
+ _safe_protocols = r'(?:https?):\/\/'
+ elif markdown2_vi == (2, 4, 9):
+ raise RuntimeError("Unsupported version - markdown2 v2.4.9\n")
+ else:
+ class Markdown(markdown2.Markdown):
+ # don't allow disabled protocols in links
+ _safe_protocols = re.compile('(?!' + ':|'.join([
+ re.escape(s) for s in _disable_url_schemes])
+ ':)', re.IGNORECASE)
def _extras(config):
|
msg7816 |
Author: [hidden] (rouilj) |
Date: 2023-07-25 20:36 |
|
Done on changeset: 7561:91725f12b239
2.4.10 of markdown2 released today.
|
|
Date |
User |
Action |
Args |
2023-07-25 20:36:16 | rouilj | set | status: new -> fixed assignee: rouilj resolution: remind -> fixed messages:
+ msg7816 |
2023-07-05 21:29:39 | rouilj | set | resolution: remind |
2023-07-05 21:29:26 | rouilj | create | |
|