From 68ee98ffdd0ece821cab953a8087cdc1d67b4e0c Mon Sep 17 00:00:00 2001 From: Andrew Ekstedt Date: Fri, 19 Mar 2021 21:45:14 -0700 Subject: [PATCH] Fix some Markdown warnings Fixes the following warnings when run with Markdown 2.6.11: DeprecationWarning: "safe_mode" is deprecated in Python-Markdown. Use an HTML sanitizer (like Bleach https://bleach.readthedocs.io/) if you are parsing untrusted markdown text. See the 2.6 release notes for more info DeprecationWarning: Using short names for Markdown's builtin extensions is deprecated. Use the full path to the extension with Python's dot notation (eg: "markdown.extensions.extra" instead of "extra"). The current behavior will raise an error in version 2.7. See the Release Notes for Python-Markdown version 2.6 for more info. Also get rid of some compatability code for Markdown 2.0, which we no longer support. Updates #257 --- pokedex/db/markdown.py | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/pokedex/db/markdown.py b/pokedex/db/markdown.py index 115faa4..f030ba7 100644 --- a/pokedex/db/markdown.py +++ b/pokedex/db/markdown.py @@ -16,12 +16,8 @@ import re import markdown import six from sqlalchemy.orm.session import object_session -try: - # Markdown 2.1+ - from markdown.util import etree, AtomicString -except ImportError: - # Old Markdown - from markdown import etree, AtomicString +from markdown.util import etree, AtomicString + @six.python_2_unicode_compatible class MarkdownString(object): @@ -66,8 +62,7 @@ class MarkdownString(object): extension = self.session.markdown_extension md = markdown.Markdown( - extensions=['extra', extension], - safe_mode='escape', + extensions=['markdown.extensions.extra', EscapeHtml(), extension], output_format='xhtml1', ) @@ -228,6 +223,17 @@ class PokedexLinkPattern(markdown.inlinepatterns.Pattern): el.text = AtomicString(label or name) return el +class EscapeHtml(markdown.Extension): + u"""Markdown extension which escapes raw html elements. + + This is the recommended replacement for safe_mode='escape', + which was deprecated in Markdown 2.5. + See https://python-markdown.github.io/change_log/release-2.5/ + """ + def extendMarkdown(self, md, md_globals): + del md.preprocessors['html_block'] + del md.inlinePatterns['html'] + class PokedexLinkExtension(markdown.Extension): u"""Markdown extension that translates the syntax used in effect text: