From 07e6d74b91f2a7d89b3d05af300afc2d94f01450 Mon Sep 17 00:00:00 2001 From: miruka Date: Sun, 27 Oct 2019 12:06:19 -0400 Subject: [PATCH] Fix HTML escaping for markdown parsing Use mistune's escape option instead of `html.escape()` which messes up links. --- src/python/html_filter.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/python/html_filter.py b/src/python/html_filter.py index 2ccfc096..0e39e091 100644 --- a/src/python/html_filter.py +++ b/src/python/html_filter.py @@ -1,4 +1,3 @@ -import html import re import html_sanitizer.sanitizer as sanitizer @@ -62,8 +61,9 @@ class HtmlFilter: lambda el, *args, **kw: el # hard_wrap: convert all \n to
without required two spaces + # escape: escape HTML characters in the input string, e.g. tags self._markdown_to_html = mistune.Markdown( - hard_wrap=True, inline=MarkdownInlineLexer, + hard_wrap=True, escape=True, inline=MarkdownInlineLexer, ) self._markdown_to_html.block.default_rules = [ @@ -73,13 +73,11 @@ class HtmlFilter: def from_markdown(self, text: str, outgoing: bool = False) -> str: - return self.filter(self._markdown_to_html(html.escape(text)), outgoing) + return self.filter(self._markdown_to_html(text), outgoing) def from_markdown_inline(self, text: str, outgoing: bool = False) -> str: - return self.filter_inline( - self._markdown_to_html(html.escape(text)), outgoing, - ) + return self.filter_inline(self._markdown_to_html(text), outgoing) def filter_inline(self, html: str, outgoing: bool = False) -> str: