diff options
author | Waylan Limberg <waylan.limberg@icloud.com> | 2022-01-10 13:47:41 -0500 |
---|---|---|
committer | Waylan Limberg <waylan.limberg@icloud.com> | 2022-01-10 13:57:57 -0500 |
commit | af38c42706f8dff93694d4a7572003dbd8b0ddc0 (patch) | |
tree | d2f879bce807e6be77967388c3543002d8b77181 | |
parent | 1d41f13c774696d651921601c827ed500e2aa285 (diff) | |
download | python-markdown-af38c42706f8dff93694d4a7572003dbd8b0ddc0.tar.gz |
Disallow square brackets in reference link ids.
We already disallow right square brackets. This also disallows left
square brackets, which ensures link references will be less likely
to collide with standard links in some weird edge cases. Fixes #1209.
-rw-r--r-- | docs/change_log/index.md | 4 | ||||
-rw-r--r-- | markdown/blockprocessors.py | 2 | ||||
-rw-r--r-- | tests/test_syntax/inline/test_links.py | 34 |
3 files changed, 39 insertions, 1 deletions
diff --git a/docs/change_log/index.md b/docs/change_log/index.md index 0a4e2f3..ca4792b 100644 --- a/docs/change_log/index.md +++ b/docs/change_log/index.md @@ -3,6 +3,10 @@ title: Change Log Python-Markdown Change Log ========================= +(under development): version 3.3.7 (a bug-fix release). + +* Disallow square brackets in reference link ids (#1209). + Nov 17, 2021: version 3.3.6 (a bug-fix release). * Fix a dependency issue (#1195, #1196). diff --git a/markdown/blockprocessors.py b/markdown/blockprocessors.py index dac3f08..d901beb 100644 --- a/markdown/blockprocessors.py +++ b/markdown/blockprocessors.py @@ -559,7 +559,7 @@ class EmptyBlockProcessor(BlockProcessor): class ReferenceProcessor(BlockProcessor): """ Process link references. """ RE = re.compile( - r'^[ ]{0,3}\[([^\]]*)\]:[ ]*\n?[ ]*([^\s]+)[ ]*(?:\n[ ]*)?((["\'])(.*)\4[ ]*|\((.*)\)[ ]*)?$', re.MULTILINE + r'^[ ]{0,3}\[([^\[\]]*)\]:[ ]*\n?[ ]*([^\s]+)[ ]*(?:\n[ ]*)?((["\'])(.*)\4[ ]*|\((.*)\)[ ]*)?$', re.MULTILINE ) def test(self, parent, block): diff --git a/tests/test_syntax/inline/test_links.py b/tests/test_syntax/inline/test_links.py index 7a3e1c3..0458756 100644 --- a/tests/test_syntax/inline/test_links.py +++ b/tests/test_syntax/inline/test_links.py @@ -350,3 +350,37 @@ class TestReferenceLinks(TestCase): '<p>I would like to tell you about the [code of</p>\n' '<p>conduct][] we are using in this project.</p>' ) + + def test_ref_link_nested_left_bracket(self): + self.assertMarkdownRenders( + self.dedent( + """ + [Text[] + + [Text[]: http://example.com + """ + ), + self.dedent( + """ + <p>[Text[]</p> + <p>[Text[]: http://example.com</p> + """ + ) + ) + + def test_ref_link_nested_right_bracket(self): + self.assertMarkdownRenders( + self.dedent( + """ + [Text]] + + [Text]]: http://example.com + """ + ), + self.dedent( + """ + <p>[Text]]</p> + <p>[Text]]: http://example.com</p> + """ + ) + ) |