Escape all characters with Markdown significance #118
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There are many punctuation characters that sometimes have significance in Markdown; more systematically escape them all (based on a new escape_misc configuration option). A limited attempt is made to limit the escaping of '.' and ')' to the context where they might have Markdown significance (after a number, where they can indicate an ordered list item); no such attempt is made for the other characters (and even that limiting of '.' and ')' may not be entirely safe in all cases, as it's possible the HTML could have the number outside the block being escaped in one go, e.g. `<span>1</span>.`. Fixes matthewwithanm#99
|
Thats a great contribution, thank you! I only removed the looping over the text with a re.sub, hope I did not introduce more complexity with that. |
pcraig3
added a commit
to HHS/simpler-grants-pdf-builder
that referenced
this pull request
Aug 30, 2024
This was a recent change that went in, but it doesn't work for us because our documents are too complex. - matthewwithanm/python-markdownify#118
|
This is a bad change and bad code that breaks a variety of things; it feels a lot like over-escaping. E.g. even regular links like this Especially setting It is so bad that just 13 days after this PR was handed in, a new PR #122 was submitted to fix what this one so heavy handedly "implemented". |
hogo6002
referenced
this pull request
in google/osv.dev
Sep 10, 2024
This PR contains the following updates: | Package | Type | Update | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | | | [cloud.google.com/go/logging](https://redirect.github.com/googleapis/google-cloud-go) | require | minor | `v1.10.0` -> `v1.11.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [cloud.google.com/go/secretmanager](https://redirect.github.com/googleapis/google-cloud-go) | require | minor | `v1.13.1` -> `v1.14.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [github.com/google/osv-scanner](https://redirect.github.com/google/osv-scanner) | require | minor | `v1.7.4` -> `v1.8.4` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [github.com/sethvargo/go-retry](https://redirect.github.com/sethvargo/go-retry) | require | minor | `v0.2.4` -> `v0.3.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | golang | stage | minor | `1.22.5-alpine` -> `1.23.1-alpine` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | golang.org/x/exp | require | digest | `fc45aab` -> `701f63a` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [markdownify](https://redirect.github.com/matthewwithanm/python-markdownify) | dependencies | minor | `==0.11.6` -> `==0.13.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [pandas](https://pandas.pydata.org) ([source](https://redirect.github.com/pandas-dev/pandas)) | dependencies | minor | `==2.1.3` -> `==2.2.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [pylint](https://redirect.github.com/pylint-dev/pylint) ([changelog](https://pylint.readthedocs.io/en/latest/whatsnew/3/)) | dev-dependencies | patch | `3.2.5` -> `3.2.7` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [python-dateutil](https://redirect.github.com/dateutil/dateutil) | dependencies | minor | `==2.8.2` -> `==2.9.0.post0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Release Notes <details> <summary>google/osv-scanner (github.com/google/osv-scanner)</summary> ### [`v1.8.4`](https://redirect.github.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v184) [Compare Source](https://redirect.github.com/google/osv-scanner/compare/v1.8.3...v1.8.4) ##### Features: - [Feature #​1177](https://redirect.github.com/google/osv-scanner/pull/1177) Adds `--upgrade-config` flag for configuring allowed upgrades on a per-package basis. Also hide & deprecate previous `--disallow-major-upgrades` and `--disallow-package-upgrades` flags. ##### Fixes: - [Bug #​1123](https://redirect.github.com/google/osv-scanner/issues/1123) Issue when running osv-scanner on project running with golang 1.22 [#​1123](https://redirect.github.com/google/osv-scanner/issues/1123) ##### Misc: - [Feature #​638](https://redirect.github.com/google/osv-scanner/issues/638) Update go policy to use stable go version for builds (updated to go 1.23) ### [`v1.8.3`](https://redirect.github.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v183) [Compare Source](https://redirect.github.com/google/osv-scanner/compare/v1.8.2...v1.8.3) ##### Features: - [Feature #​889](https://redirect.github.com/google/osv-scanner/pull/889) OSV-Scanner now provides "vertical" output format! ##### Fixes: - [Bug #​1115](https://redirect.github.com/google/osv-scanner/issues/1115) Ensure that `semantic` is passed a valid `models.Ecosystem`. - [Bug #​1140](https://redirect.github.com/google/osv-scanner/pull/1140) Add Maven dependency management to override client. - [Bug #​1149](https://redirect.github.com/google/osv-scanner/pull/1149) Handle Maven parent relative path. ##### Misc: - [Feature #​1091](https://redirect.github.com/google/osv-scanner/pull/1091) Improved the runtime of DiffVulnerabilityResults. Thanks [@​neilnaveen](https://redirect.github.com/neilnaveen)! - [Feature #​1125](https://redirect.github.com/google/osv-scanner/pull/1125) Workflow for stale issue and PR management. ### [`v1.8.2`](https://redirect.github.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v182) [Compare Source](https://redirect.github.com/google/osv-scanner/compare/v1.8.1...v1.8.2) ##### Features: - [Feature #​1014](https://redirect.github.com/google/osv-scanner/pull/1014) Adding CycloneDX 1.4 and 1.5 output format. Thanks [@​marcwieserdev](https://redirect.github.com/marcwieserdev)! ##### Fixes: - [Bug #​769](https://redirect.github.com/google/osv-scanner/issues/769) Fixed missing vulnerabilities for debian purls for `--experimental-local-db`. - [Bug #​1055](https://redirect.github.com/google/osv-scanner/issues/1055) Ensure that `package` exists in `affected` property. - [Bug #​1072](https://redirect.github.com/google/osv-scanner/issues/1072) Filter out unimportant vulnerabilities from vuln group. - [Bug #​1077](https://redirect.github.com/google/osv-scanner/issues/1077) Fix rate osv-scanner deadlock. - [Bug #​924](https://redirect.github.com/google/osv-scanner/issues/924) Ensure that npm dependencies retain their "production" grouping. ### [`v1.8.1`](https://redirect.github.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v180v181) [Compare Source](https://redirect.github.com/google/osv-scanner/compare/v1.8.0...v1.8.1) ##### Features: - [Feature #​35](https://redirect.github.com/google/osv-scanner/issues/35) OSV-Scanner now scans transitive dependencies in Maven `pom.xml` files! See [our documentation](https://google.github.io/osv-scanner/supported-languages-and-lockfiles/#transitive-dependency-scanning) for more information. - [Feature #​944](https://redirect.github.com/google/osv-scanner/pull/944) The `osv-scanner.toml` configuration file can now filter specific packages with new `[[PackageOverrides]]` sections: ```toml [[PackageOverrides]] ``` ### [`v1.8.0`](https://redirect.github.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v180v181) [Compare Source](https://redirect.github.com/google/osv-scanner/compare/v1.7.4...v1.8.0) ##### Features: - [Feature #​35](https://redirect.github.com/google/osv-scanner/issues/35) OSV-Scanner now scans transitive dependencies in Maven `pom.xml` files! See [our documentation](https://google.github.io/osv-scanner/supported-languages-and-lockfiles/#transitive-dependency-scanning) for more information. - [Feature #​944](https://redirect.github.com/google/osv-scanner/pull/944) The `osv-scanner.toml` configuration file can now filter specific packages with new `[[PackageOverrides]]` sections: ```toml [[PackageOverrides]] ``` </details> <details> <summary>sethvargo/go-retry (github.com/sethvargo/go-retry)</summary> ### [`v0.3.0`](https://redirect.github.com/sethvargo/go-retry/releases/tag/v0.3.0) [Compare Source](https://redirect.github.com/sethvargo/go-retry/compare/v0.2.4...v0.3.0) #### What's Changed - Add DoValue, which requires generics and bumps to Go 1.21 by [@​sethvargo](https://redirect.github.com/sethvargo) in [https://github.com/sethvargo/go-retry/pull/26](https://redirect.github.com/sethvargo/go-retry/pull/26) **Full Changelog**: sethvargo/go-retry@v0.2.4...v0.3.0 </details> <details> <summary>matthewwithanm/python-markdownify (markdownify)</summary> ### [`v0.13.1`](https://redirect.github.com/matthewwithanm/python-markdownify/releases/tag/0.13.1) [Compare Source](https://redirect.github.com/matthewwithanm/python-markdownify/compare/0.13.0...0.13.1) #### What's Changed - Migrated the metadata into PEP 621-compliant pyproject.toml by [@​KOLANICH](https://redirect.github.com/KOLANICH) in [https://github.com/matthewwithanm/python-markdownify/pull/138](https://redirect.github.com/matthewwithanm/python-markdownify/pull/138) **Full Changelog**: matthewwithanm/python-markdownify@0.13.0...0.13.1 ### [`v0.13.0`](https://redirect.github.com/matthewwithanm/python-markdownify/releases/tag/0.13.0) [Compare Source](https://redirect.github.com/matthewwithanm/python-markdownify/compare/0.12.1...0.13.0) #### What's Changed - Avoid inline styles inside `<code>` / `<pre>` conversion by [@​jsm28](https://redirect.github.com/jsm28) in [https://github.com/matthewwithanm/python-markdownify/pull/117](https://redirect.github.com/matthewwithanm/python-markdownify/pull/117) - Escape all characters with Markdown significance by [@​jsm28](https://redirect.github.com/jsm28) in [https://github.com/matthewwithanm/python-markdownify/pull/118](https://redirect.github.com/matthewwithanm/python-markdownify/pull/118) - Update MANIFEST.in to exclude tests during packaging by [@​samypr100](https://redirect.github.com/samypr100) in [https://github.com/matthewwithanm/python-markdownify/pull/125](https://redirect.github.com/matthewwithanm/python-markdownify/pull/125) - Special-case use of HTML tags for converting `<sub>` / `<sup>` by [@​jsm28](https://redirect.github.com/jsm28) in [https://github.com/matthewwithanm/python-markdownify/pull/119](https://redirect.github.com/matthewwithanm/python-markdownify/pull/119) - handle ol start value is not number by [@​microdnd](https://redirect.github.com/microdnd) in [https://github.com/matthewwithanm/python-markdownify/pull/127](https://redirect.github.com/matthewwithanm/python-markdownify/pull/127) #### New Contributors - [@​jsm28](https://redirect.github.com/jsm28) made their first contribution in [https://github.com/matthewwithanm/python-markdownify/pull/117](https://redirect.github.com/matthewwithanm/python-markdownify/pull/117) - [@​samypr100](https://redirect.github.com/samypr100) made their first contribution in [https://github.com/matthewwithanm/python-markdownify/pull/125](https://redirect.github.com/matthewwithanm/python-markdownify/pull/125) - [@​microdnd](https://redirect.github.com/microdnd) made their first contribution in [https://github.com/matthewwithanm/python-markdownify/pull/127](https://redirect.github.com/matthewwithanm/python-markdownify/pull/127) **Full Changelog**: matthewwithanm/python-markdownify@0.12.1...0.13.0 ### [`v0.12.1`](https://redirect.github.com/matthewwithanm/python-markdownify/releases/tag/0.12.1): Fix wrong version [Compare Source](https://redirect.github.com/matthewwithanm/python-markdownify/compare/0.11.6...0.12.1) </details> <details> <summary>pandas-dev/pandas (pandas)</summary> ### [`v2.2.2`](https://redirect.github.com/pandas-dev/pandas/compare/v2.2.1...v2.2.2) [Compare Source](https://redirect.github.com/pandas-dev/pandas/compare/v2.2.1...v2.2.2) ### [`v2.2.1`](https://redirect.github.com/pandas-dev/pandas/releases/tag/v2.2.1): Pandas 2.2.1 [Compare Source](https://redirect.github.com/pandas-dev/pandas/compare/v2.2.0...v2.2.1) We are pleased to announce the release of pandas 2.2.1. This release includes some new features, bug fixes, and performance improvements. We recommend that all users upgrade to this version. See the [full whatsnew](https://pandas.pydata.org/pandas-docs/version/2.2.1/whatsnew/v2.2.1.html) for a list of all the changes. Pandas 2.2.1 supports Python 3.9 and higher. The release will be available on the defaults and conda-forge channels: conda install pandas Or via PyPI: python3 -m pip install --upgrade pandas Please report any issues with the release on the [pandas issue tracker](https://redirect.github.com/pandas-dev/pandas/issues). Thanks to all the contributors who made this release possible. ### [`v2.2.0`](https://redirect.github.com/pandas-dev/pandas/compare/v2.1.4...v2.2.0) [Compare Source](https://redirect.github.com/pandas-dev/pandas/compare/v2.1.4...v2.2.0) ### [`v2.1.4`](https://redirect.github.com/pandas-dev/pandas/releases/tag/v2.1.4): Pandas 2.1.4 [Compare Source](https://redirect.github.com/pandas-dev/pandas/compare/v2.1.3...v2.1.4) This is a patch release in the 2.1.x series and includes some regression and bug fixes, and a security fix. We recommend that all users upgrade to this version. See the [full whatsnew](https://pandas.pydata.org/pandas-docs/version/2.1.4/whatsnew/v2.1.4.html) for a list of all the changes. The release will be available on the defaults and conda-forge channels: conda install pandas Or via PyPI: python3 -m pip install --upgrade pandas Please report any issues with the release on the [pandas issue tracker](https://redirect.github.com/pandas-dev/pandas/issues). Thanks to all the contributors who made this release possible. </details> <details> <summary>pylint-dev/pylint (pylint)</summary> ### [`v3.2.7`](https://redirect.github.com/pylint-dev/pylint/releases/tag/v3.2.7) [Compare Source](https://redirect.github.com/pylint-dev/pylint/compare/v3.2.6...v3.2.7) ## What's new in Pylint 3.2.7? Release date: 2024-08-31 ## False Positives Fixed - Fixed a false positive `unreachable` for `NoReturn` coroutine functions. Closes [#​9840](https://redirect.github.com/pylint-dev/pylint/issues/9840) ## Other Bug Fixes - Fix crash in refactoring checker when calling a lambda bound as a method. Closes [#​9865](https://redirect.github.com/pylint-dev/pylint/issues/9865) - Fix a crash in `undefined-loop-variable` when providing the `iterable` argument to `enumerate()`. Closes [#​9875](https://redirect.github.com/pylint-dev/pylint/issues/9875) - Fix to address indeterminacy of error message in case a module name is same as another in a separate namespace. Refs [#​9883](https://redirect.github.com/pylint-dev/pylint/issues/9883) ### [`v3.2.6`](https://redirect.github.com/pylint-dev/pylint/releases/tag/v3.2.6) [Compare Source](https://redirect.github.com/pylint-dev/pylint/compare/v3.2.5...v3.2.6) ## What's new in Pylint 3.2.6? Release date: 2024-07-21 ## False Positives Fixed - Quiet false positives for `unexpected-keyword-arg` when pylint cannot determine which of two or more dynamically defined classes is being instantiated. Closes [#​9672](https://redirect.github.com/pylint-dev/pylint/issues/9672) - Fix a false positive for `missing-param-doc` where a method which is decorated with `typing.overload` was expected to have a docstring specifying its parameters. Closes [#​9739](https://redirect.github.com/pylint-dev/pylint/issues/9739) - Fix a regression that raised `invalid-name` on class attributes merely overriding invalid names from an ancestor. Closes [#​9765](https://redirect.github.com/pylint-dev/pylint/issues/9765) - Treat `assert_never()` the same way when imported from `typing_extensions`. Closes [#​9780](https://redirect.github.com/pylint-dev/pylint/issues/9780) - Fix a false positive for `consider-using-min-max-builtin` when the assignment target is an attribute. Refs [#​9800](https://redirect.github.com/pylint-dev/pylint/issues/9800) ## Other Bug Fixes - Fix an `AssertionError` arising from properties that return partial functions. Closes [#​9214](https://redirect.github.com/pylint-dev/pylint/issues/9214) - Fix a crash when a subclass extends `__slots__`. Closes [#​9814](https://redirect.github.com/pylint-dev/pylint/issues/9814) </details> <details> <summary>dateutil/dateutil (python-dateutil)</summary> ### [`v2.9.0.post0`](https://redirect.github.com/dateutil/dateutil/releases/tag/2.9.0.post0) [Compare Source](https://redirect.github.com/dateutil/dateutil/compare/2.9.0...2.9.0.post0) ### Version 2.9.0.post0 (2024-03-01) #### Bugfixes - Pinned `setuptools_scm` to `<8`, which should make the generated `_version.py` file compatible with all supported versions of Python. ### [`v2.9.0`](https://redirect.github.com/dateutil/dateutil/releases/tag/2.9.0) [Compare Source](https://redirect.github.com/dateutil/dateutil/compare/2.8.2...2.9.0) ### Version 2.9.0 (2024-02-29) #### Data updates - Updated tzdata version to 2024a. (gh pr [#​1342](https://redirect.github.com/dateutil/dateutil/issues/1342)) #### Features - Made all `dateutil` submodules lazily imported using [PEP 562](https://www.python.org/dev/peps/pep-0562/). On Python 3.7+, things like `import dateutil; dateutil.tz.gettz("America/New_York")` will now work without explicitly importing `dateutil.tz`, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue [#​771](https://redirect.github.com/dateutil/dateutil/issues/771), gh pr [#​1007](https://redirect.github.com/dateutil/dateutil/issues/1007)) #### Bugfixes - Removed a call to `datetime.utcfromtimestamp`, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr [#​1284](https://redirect.github.com/dateutil/dateutil/issues/1284)), fixed by Thomas Grainger (gh pr [#​1285](https://redirect.github.com/dateutil/dateutil/issues/1285)). #### Documentation changes - Added note into docs and tests where relativedelta would return last day of the month only if the same day on a different month resolves to a date that doesn't exist. Reported by [@​hawkEye-01](https://redirect.github.com/hawkEye-01) (gh issue [#​1167](https://redirect.github.com/dateutil/dateutil/issues/1167)). Fixed by [@​Mifrill](https://redirect.github.com/Mifrill) (gh pr [#​1168](https://redirect.github.com/dateutil/dateutil/issues/1168)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
|
Agree with @alfonsrv, the default should be set to False. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There are many punctuation characters that sometimes have significance in Markdown; more systematically escape them all (based on a new escape_misc configuration option).
A limited attempt is made to limit the escaping of '.' and ')' to the context where they might have Markdown significance (after a number, where they can indicate an ordered list item); no such attempt is made for the other characters (and even that limiting of '.' and ')' may not be entirely safe in all cases, as it's possible the HTML could have the number outside the block being escaped in one go, e.g.
<span>1</span>..Fixes #99