Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ Add allowed option for inline/block attributes #115

Merged
merged 23 commits into from
Sep 9, 2024
Merged

✨ Add allowed option for inline/block attributes #115

Changes from 2 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
c72cc47
adding allowed attributes to protect against XSS attacks.
Sep 2, 2024
4a1d21e
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Sep 2, 2024
2a508a4
Merge branch 'master' into adding-allowed-attributes
chrisjsewell Sep 2, 2024
fc5e4c1
brought it together
Sep 3, 2024
49fa7fb
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Sep 3, 2024
9137c00
fix mypy
Sep 4, 2024
3df6f55
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Sep 4, 2024
72e5394
fix ruff
Sep 4, 2024
c5c18f4
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Sep 4, 2024
1754554
ruff
Sep 4, 2024
2c70381
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Sep 4, 2024
dcff3b2
fix_remark_commit
Sep 9, 2024
84e5019
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Sep 9, 2024
18e16fb
fix_lint
Sep 9, 2024
ca6e88d
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Sep 9, 2024
b302bc6
Update mdit_py_plugins/attrs/index.py
chrisjsewell Sep 9, 2024
f2b8997
Update mdit_py_plugins/attrs/index.py
chrisjsewell Sep 9, 2024
a6887de
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Sep 9, 2024
99799d8
Merge branch 'master' into adding-allowed-attributes
joker21663 Sep 9, 2024
ba43925
re-work, and add test
chrisjsewell Sep 9, 2024
5371f39
Merge branch 'adding-allowed-attributes' of https://github.com/joker2…
chrisjsewell Sep 9, 2024
9cb4c29
Update index.py
chrisjsewell Sep 9, 2024
53d865d
Update index.py
chrisjsewell Sep 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions mdit_py_plugins/attrs/index.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,18 @@
from .parse import ParseError, parse


class NotAllowedAttributesError(ValueError):
pass


def attrs_plugin(
md: MarkdownIt,
*,
after: Sequence[str] = ("image", "code_inline", "link_close", "span_close"),
spans: bool = False,
span_after: str = "link",
allowed_attributes: Sequence[str] = [],
strict: bool = False,
chrisjsewell marked this conversation as resolved.
Show resolved Hide resolved
) -> None:
"""Parse inline attributes that immediately follow certain inline elements::

Expand Down Expand Up @@ -58,6 +64,17 @@ def _attr_inline_rule(state: StateInline, silent: bool) -> bool:
return False
try:
new_pos, attrs = parse(state.src[state.pos :])
if allowed_attributes:
chrisjsewell marked this conversation as resolved.
Show resolved Hide resolved
if strict:
attrs = {
k: v for k, v in attrs.items() if k not in allowed_attributes
}
if attrs:
raise NotAllowedAttributesError(
f"These attributes are not allowed {attrs}"
)
else:
attrs = {k: v for k, v in attrs.items() if k in allowed_attributes}
except ParseError:
return False
token_index = _find_opening(state.tokens, len(state.tokens) - 1)
Expand Down
Loading