Fix unescaping of HTML characters <> in CodeHilite. (#990)

Previously, we'd unescape both `&gt;` and `>` to the same string because we were running the & => & replacement first. By changing the order of this replacement, we now convert: `&gt; >` => `> >` as expected. Fixes #988.
author: Rohitt Vashishtha <aero31aero@gmail.com> 2020-06-29 17:35:17 +0000
committer: GitHub <noreply@github.com> 2020-06-29 13:35:17 -0400
commit: 071c4f1420ac3c80ad621522b9996bcc1cd94bcf (patch)
tree: a1714a0f0e7c9b81dd7b9d9d84cf4c6d8de82509
parent: 570625884328ea3c71000391de77776691074033 (diff)
download: python-markdown-071c4f1420ac3c80ad621522b9996bcc1cd94bcf.tar.gz
4 files changed, 28 insertions, 1 deletions
diff --git a/.spell-dict b/.spell-dict
index 114e4b2..eed0f67 100644
--- a/.spell-dict
+++ b/.spell-dict
@@ -132,6 +132,7 @@ Treeprocessors
 tuple
 tuples
 unescape
+unescaping
 unittest
 unordered
 untrusted
diff --git a/docs/change_log/release-3.3.md b/docs/change_log/release-3.3.md
index 339c98c..c29ddcc 100644
--- a/docs/change_log/release-3.3.md
+++ b/docs/change_log/release-3.3.md
@@ -56,6 +56,7 @@ The following bug fixes are included in the 3.3 release:
 * Avoid a `RecursionError` from deeply nested blockquotes (#799).
 * Fix issues with complex emphasis (#979).
 * Limitations of `attr_list` extension are Documented (#965).
+* Fix unescaping of HTML characters `<>` in CodeHilite (#990).
 
 [spec]: https://www.w3.org/TR/html5/text-level-semantics.html#the-code-element
 [fenced_code]: ../extensions/fenced_code_blocks.md
diff --git a/markdown/extensions/codehilite.py b/markdown/extensions/codehilite.py
index 915dfcf..9eed561 100644
--- a/markdown/extensions/codehilite.py
+++ b/markdown/extensions/codehilite.py
@@ -225,9 +225,11 @@ class HiliteTreeprocessor(Treeprocessor):
 
     def code_unescape(self, text):
         """Unescape code."""
-        text = text.replace("&amp;", "&")
         text = text.replace("&lt;", "<")
         text = text.replace("&gt;", ">")
+        # Escaped '&' should be replaced at the end to avoid
+        # conflicting with < and >.
+        text = text.replace("&amp;", "&")
         return text
 
     def run(self, root):
diff --git a/tests/test_syntax/extensions/test_code_hilite.py b/tests/test_syntax/extensions/test_code_hilite.py
index b60c483..8d5512d 100644
--- a/tests/test_syntax/extensions/test_code_hilite.py
+++ b/tests/test_syntax/extensions/test_code_hilite.py
@@ -564,6 +564,29 @@ class TestCodeHiliteExtension(TestCase):
             extensions=['codehilite']
         )
 
+    def testEntitiesIntact(self):
+        if has_pygments:
+            expected = (
+                '<div class="codehilite"><pre>'
+                '<span></span>'
+                '<code>&lt; &amp;lt; and &gt; &amp;gt;'
+                '\n</code></pre></div>'
+            )
+        else:
+            expected = (
+                '<pre class="codehilite"><code class="language-text">'
+                '&lt; &amp;lt; and &gt; &amp;gt;\n'
+                '</code></pre>'
+            )
+        self.assertMarkdownRenders(
+            (
+                '\t:::text\n'
+                '\t< &lt; and > &gt;'
+            ),
+            expected,
+            extensions=['codehilite']
+        )
+
     def testHighlightAmps(self):
         if has_pygments:
             expected = (
author	Rohitt Vashishtha <aero31aero@gmail.com>	2020-06-29 17:35:17 +0000
committer	GitHub <noreply@github.com>	2020-06-29 13:35:17 -0400
commit	071c4f1420ac3c80ad621522b9996bcc1cd94bcf (patch)
tree	a1714a0f0e7c9b81dd7b9d9d84cf4c6d8de82509
parent	570625884328ea3c71000391de77776691074033 (diff)
download	python-markdown-071c4f1420ac3c80ad621522b9996bcc1cd94bcf.tar.gz