From 4a600467192cc3e77b36f5b8b87290a1e782ce53 Mon Sep 17 00:00:00 2001 From: Skye Im Date: Fri, 21 Dec 2018 17:43:18 -0500 Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=92=A1=20Contrib=20limited=20html=20r?= =?UTF-8?q?enderer=20(#74)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- contrib/limited_html_renderer.py | 11 +++++++ .../test_limited_html_renderer.py | 31 +++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 contrib/limited_html_renderer.py create mode 100644 test/test_contrib/test_limited_html_renderer.py diff --git a/contrib/limited_html_renderer.py b/contrib/limited_html_renderer.py new file mode 100644 index 00000000..5576ccdc --- /dev/null +++ b/contrib/limited_html_renderer.py @@ -0,0 +1,11 @@ +import html +from mistletoe.html_renderer import HTMLRenderer + +class LimitedHTMLRenderer(HTMLRenderer): + @staticmethod + def render_html_block(token): + return html.escape(token.content) + + @staticmethod + def render_html_span(token): + return html.escape(token.content) diff --git a/test/test_contrib/test_limited_html_renderer.py b/test/test_contrib/test_limited_html_renderer.py new file mode 100644 index 00000000..6554680a --- /dev/null +++ b/test/test_contrib/test_limited_html_renderer.py @@ -0,0 +1,31 @@ +from contrib.limited_html_renderer import LimitedHTMLRenderer +from mistletoe.block_token import Document +import random +import string +from unittest import TestCase + +class TestLimitedHTMLRenderer(TestCase): + def setUp(self): + self.renderer = LimitedHTMLRenderer() + self.renderer.__enter__() + self.addCleanup(self.renderer.__exit__, None, None, None) + + def check_render(self, inputString, expected, errormsg): + output = self.renderer.render(Document(inputString)) + output = output.strip() + self.assertEqual(output, expected, errormsg) + + def test_render_inline_div(self): + input = '
hello
' + output = '<div>hello</div>' + self.check_render(input, output, 'One line div is not escaped') + + def test_render_inline_span(self): + input = 'hello' + output = '

<span>hello</span>

' + self.check_render(input, output, 'One line span is not escaped') + + def test_render_embedded_markdown(self): + input = '
\n\n*hello*\n\n
' + output = '<div>\n

hello

\n</div>' + self.check_render(input, output, 'Markdown inside div is unexpectedly escaped') From d80921c10e92145f721fec79e09363f3b86d4f11 Mon Sep 17 00:00:00 2001 From: Skye Im Date: Fri, 21 Dec 2018 17:53:59 -0500 Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=90=9B=20LimitedHTMLRenderer=20compat?= =?UTF-8?q?=20for=20python<3.4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- contrib/limited_html_renderer.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/limited_html_renderer.py b/contrib/limited_html_renderer.py index 5576ccdc..2ff49a93 100644 --- a/contrib/limited_html_renderer.py +++ b/contrib/limited_html_renderer.py @@ -1,4 +1,8 @@ -import html +import sys +if sys.version_info < (3, 4): + from mistletoe import _html as html +else: + import html from mistletoe.html_renderer import HTMLRenderer class LimitedHTMLRenderer(HTMLRenderer): From d424f708006f34ea93337a1ccc8df40197ceb75e Mon Sep 17 00:00:00 2001 From: Skye Im Date: Fri, 21 Dec 2018 18:29:46 -0500 Subject: [PATCH 3/3] =?UTF-8?q?=F0=9F=90=9B=20LimitedHTML=20test=20block?= =?UTF-8?q?=20quotes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- test/test_contrib/test_limited_html_renderer.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/test/test_contrib/test_limited_html_renderer.py b/test/test_contrib/test_limited_html_renderer.py index 6554680a..49c25151 100644 --- a/test/test_contrib/test_limited_html_renderer.py +++ b/test/test_contrib/test_limited_html_renderer.py @@ -29,3 +29,10 @@ def test_render_embedded_markdown(self): input = '
\n\n*hello*\n\n
' output = '<div>\n

hello

\n</div>' self.check_render(input, output, 'Markdown inside div is unexpectedly escaped') + + def test_block_quotes_not_escaped(self): + input = ''' + > Blockquote + > End of quote'''.replace(' ', '') + output = self.renderer.render(Document(input)) + self.assertNotIn('&', output, 'Blockquotes are unexpectedly escaped')