Markdown2's 2.4.9 release removed the method we were using to prevent
data and javascript urls schemes. As a result it also causes linking designators
(class123) to fail.

See:

  https://github.com/trentm/python-markdown2/issues/517

for details.

After the 2.3.0 release this patch:

  * works like it used to for 2.4.8
  * errors for 2.4.9
  * limits to http/https for 2.4.10.

It still needs work to maybe include mailto, ftp etc. It does not use the scheme blackist
that the other 2 markdown and reST formatters do. So it can't be overridden from 
interfaces.py. This needs to be fixed before it gets checked in.


==============

diff -r f2c588128202 roundup/cgi/templating.py
--- a/roundup/cgi/templating.py Tue Jul 04 23:47:25 2023 -0400
+++ b/roundup/cgi/templating.py Wed Jul 05 17:09:00 2023 -0400
@@ -60,11 +60,19 @@
     try:
         import markdown2
         import re
-
-        class Markdown(markdown2.Markdown):
-            # don't allow disabled protocols in links
-            _safe_protocols = re.compile('(?!' + ':|'.join([
-                re.escape(s) for s in _disable_url_schemes])
+
+        markdown2_vi = markdown2.__version_info__
+        if  markdown2_vi > (2, 4, 9):
+            class Markdown(markdown2.Markdown):
+                    # only allow http/https in links
+                    _safe_protocols = r'(?:https?):\/\/'
+        elif markdown2_vi == (2, 4, 9):
+            raise RuntimeError("Unsupported version - markdown2 v2.4.9\n")
+        else:
+            class Markdown(markdown2.Markdown):
+                # don't allow disabled protocols in links
+                _safe_protocols = re.compile('(?!' + ':|'.join([
+                    re.escape(s) for s in _disable_url_schemes])
                                          + ':)', re.IGNORECASE)

         def _extras(config):