Hello community,
here is the log from the commit of package python-markdown2 for
openSUSE:Factory checked in at 2020-08-18 15:11:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-markdown2 (Old)
and /work/SRC/openSUSE:Factory/.python-markdown2.new.3399 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-markdown2"
Tue Aug 18 15:11:47 2020 rev:6 rq:827270 version:2.3.9
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-markdown2/python-markdown2.changes
2020-05-08 23:07:08.422081484 +0200
+++
/work/SRC/openSUSE:Factory/.python-markdown2.new.3399/python-markdown2.changes
2020-08-18 15:11:55.196062254 +0200
@@ -1,0 +2,11 @@
+Mon Aug 17 07:51:19 UTC 2020 - Dirk Mueller <dmuel...@suse.com>
+
+- update to 2.3.9:
+ - [pull #335] Added header support for wiki tables
+ - [pull #336] Reset _toc when convert is run
+ - [pull #353] XSS fix
+ - [pull #350] XSS fix
+- remove 0001-Fix-for-issue-348-incomplete-tags-with-punctuation-a.patch,
+ 0002-Fixed-code-highlighting-unit-tests.patch (upstream)
+
+-------------------------------------------------------------------
Old:
----
0001-Fix-for-issue-348-incomplete-tags-with-punctuation-a.patch
0002-Fixed-code-highlighting-unit-tests.patch
markdown2-2.3.8.tar.gz
New:
----
markdown2-2.3.9.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-markdown2.spec ++++++
--- /var/tmp/diff_new_pack.w4bxe4/_old 2020-08-18 15:11:55.772062492 +0200
+++ /var/tmp/diff_new_pack.w4bxe4/_new 2020-08-18 15:11:55.776062494 +0200
@@ -18,15 +18,13 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-markdown2
-Version: 2.3.8
+Version: 2.3.9
Release: 0
Summary: A Python implementation of Markdown
License: MIT
Group: Development/Languages/Python
URL: https://github.com/trentm/python-markdown2
Source:
https://files.pythonhosted.org/packages/source/m/markdown2/markdown2-%{version}.tar.gz
-Patch0: 0001-Fix-for-issue-348-incomplete-tags-with-punctuation-a.patch
-Patch1: 0002-Fixed-code-highlighting-unit-tests.patch
BuildRequires: %{python_module pygments}
BuildRequires: %{python_module setuptools}
BuildRequires: fdupes
@@ -46,8 +44,6 @@
%prep
%setup -q -n markdown2-%{version}
-%patch0 -p1
-%patch1 -p1
%build
%python_build
++++++ markdown2-2.3.8.tar.gz -> markdown2-2.3.9.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/CHANGES.md
new/markdown2-2.3.9/CHANGES.md
--- old/markdown2-2.3.8/CHANGES.md 2019-05-29 20:55:44.000000000 +0200
+++ new/markdown2-2.3.9/CHANGES.md 2020-05-12 02:07:43.000000000 +0200
@@ -1,5 +1,13 @@
# python-markdown2 Changelog
+## python-markdown2 2.3.9
+
+- [pull #335] Added header support for wiki tables
+- [pull #336] Reset _toc when convert is run
+- [pull #353] XSS fix
+- [pull #350] XSS fix
+
+
## python-markdown2 2.3.8
- [pull #317] Temporary fix to issue #150
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/CONTRIBUTORS.txt
new/markdown2-2.3.9/CONTRIBUTORS.txt
--- old/markdown2-2.3.8/CONTRIBUTORS.txt 2019-05-28 19:49:01.000000000
+0200
+++ new/markdown2-2.3.9/CONTRIBUTORS.txt 2020-05-04 19:00:34.000000000
+0200
@@ -42,3 +42,5 @@
Alex Elzenaar (github.com/aelzenaar)
Francisco Saldaña (github.com/FrankSalad)
Shivam Kumar Jha (github.com/thealphadollar)
+ryanvilbrandt (github.com/ryanvilbrandt)
+Gareth Simpson (github.com/xurble)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/PKG-INFO new/markdown2-2.3.9/PKG-INFO
--- old/markdown2-2.3.8/PKG-INFO 2019-05-29 20:55:53.000000000 +0200
+++ new/markdown2-2.3.9/PKG-INFO 2020-05-12 02:07:55.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: markdown2
-Version: 2.3.8
+Version: 2.3.9
Summary: A fast and complete Python implementation of Markdown
Home-page: https://github.com/trentm/python-markdown2
Author: Trent Mick
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/lib/markdown2.egg-info/PKG-INFO
new/markdown2-2.3.9/lib/markdown2.egg-info/PKG-INFO
--- old/markdown2-2.3.8/lib/markdown2.egg-info/PKG-INFO 2019-05-29
20:55:52.000000000 +0200
+++ new/markdown2-2.3.9/lib/markdown2.egg-info/PKG-INFO 2020-05-12
02:07:55.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: markdown2
-Version: 2.3.8
+Version: 2.3.9
Summary: A fast and complete Python implementation of Markdown
Home-page: https://github.com/trentm/python-markdown2
Author: Trent Mick
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/lib/markdown2.egg-info/SOURCES.txt
new/markdown2-2.3.9/lib/markdown2.egg-info/SOURCES.txt
--- old/markdown2-2.3.8/lib/markdown2.egg-info/SOURCES.txt 2019-05-29
20:55:52.000000000 +0200
+++ new/markdown2-2.3.9/lib/markdown2.egg-info/SOURCES.txt 2020-05-12
02:07:55.000000000 +0200
@@ -223,6 +223,12 @@
test/tm-cases/issue2_safe_mode_borks_markup.opts
test/tm-cases/issue2_safe_mode_borks_markup.tags
test/tm-cases/issue2_safe_mode_borks_markup.text
+test/tm-cases/issue341_xss.html
+test/tm-cases/issue341_xss.opts
+test/tm-cases/issue341_xss.text
+test/tm-cases/issue348_incomplete_tag.html
+test/tm-cases/issue348_incomplete_tag.opts
+test/tm-cases/issue348_incomplete_tag.text
test/tm-cases/issue3_bad_code_color_hack.html
test/tm-cases/issue3_bad_code_color_hack.opts
test/tm-cases/issue3_bad_code_color_hack.tags
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/lib/markdown2.py
new/markdown2-2.3.9/lib/markdown2.py
--- old/markdown2-2.3.8/lib/markdown2.py 2019-05-28 19:47:41.000000000
+0200
+++ new/markdown2-2.3.9/lib/markdown2.py 2020-05-11 23:24:03.000000000
+0200
@@ -96,7 +96,7 @@
# not yet sure if there implications with this. Compare 'pydoc sre'
# and 'perldoc perlre'.
-__version_info__ = (2, 3, 8)
+__version_info__ = (2, 3, 9)
__version__ = '.'.join(map(str, __version_info__))
__author__ = "Trent Mick"
@@ -200,7 +200,10 @@
titles = None
html_blocks = None
html_spans = None
- html_removed_text = "[HTML_REMOVED]" # for compat with markdown.py
+ html_removed_text = "{(#HTML#)}" # placeholder removed text that does not
trigger bold
+ html_removed_text_compat = "[HTML_REMOVED]" # for compat with markdown.py
+
+ _toc = None
# Used to track when we're inside an ordered or unordered list
# (see _ProcessListItems() for details):
@@ -217,6 +220,7 @@
else:
self.empty_element_suffix = " />"
self.tab_width = tab_width
+ self.tab = tab_width * " "
# For compatibility with earlier markdown2.py and with
# markdown.py's safe_mode being a boolean,
@@ -273,6 +277,7 @@
self._count_from_header_id = defaultdict(int)
if "metadata" in self.extras:
self.metadata = {}
+ self._toc = None
# Per <https://developer.mozilla.org/en-US/docs/HTML/Element/a> "rel"
# should only be used in <a> tags with an "href" attribute.
@@ -384,6 +389,8 @@
if self.safe_mode:
text = self._unhash_html_spans(text)
+ # return the removed text warning to its markdown.py compatible
form
+ text = text.replace(self.html_removed_text,
self.html_removed_text_compat)
if "nofollow" in self.extras:
text = self._a_nofollow.sub(r'<\1 rel="nofollow"\2', text)
@@ -1070,23 +1077,43 @@
def _wiki_table_sub(self, match):
ttext = match.group(0).strip()
- # print 'wiki table: %r' % match.group(0)
+ # print('wiki table: %r' % match.group(0))
rows = []
for line in ttext.splitlines(0):
line = line.strip()[2:-2].strip()
row = [c.strip() for c in re.split(r'(?<!\\)\|\|', line)]
rows.append(row)
+ # from pprint import pprint
# pprint(rows)
- hlines = ['<table%s>' % self._html_class_str_from_tag('table'),
'<tbody>']
- for row in rows:
- hrow = ['<tr>']
- for cell in row:
- hrow.append('<td>')
- hrow.append(self._run_span_gamut(cell))
- hrow.append('</td>')
- hrow.append('</tr>')
- hlines.append(''.join(hrow))
- hlines += ['</tbody>', '</table>']
+ hlines = []
+
+ def add_hline(line, indents=0):
+ hlines.append((self.tab * indents) + line)
+
+ def format_cell(text):
+ return self._run_span_gamut(re.sub(r"^\s*~", "", cell).strip(" "))
+
+ add_hline('<table%s>' % self._html_class_str_from_tag('table'))
+ # Check if first cell of first row is a header cell. If so, assume the
whole row is a header row.
+ if rows and rows[0] and re.match(r"^\s*~", rows[0][0]):
+ add_hline('<thead>', 1)
+ add_hline('<tr>', 2)
+ for cell in rows[0]:
+ add_hline("<th>{}</th>".format(format_cell(cell)), 3)
+ add_hline('</tr>', 2)
+ add_hline('</thead>', 1)
+ # Only one header row allowed.
+ rows = rows[1:]
+ # If no more rows, don't create a tbody.
+ if rows:
+ add_hline('<tbody>', 1)
+ for row in rows:
+ add_hline('<tr>', 2)
+ for cell in row:
+ add_hline('<td>{}</td>'.format(format_cell(cell)), 3)
+ add_hline('</tr>', 2)
+ add_hline('</tbody>', 1)
+ add_hline('</table>')
return '\n'.join(hlines) + '\n'
def _do_wiki_tables(self, text):
@@ -1351,6 +1378,11 @@
continue
link_text = text[start_idx+1:p]
+ # Fix for issue 341 - Injecting XSS into link text
+ if self.safe_mode:
+ link_text = self._hash_html_spans(link_text)
+ link_text = self._unhash_html_spans(link_text)
+
# Possibly a footnote ref?
if "footnotes" in self.extras and link_text.startswith("^"):
normed_id = re.sub(r'\W', '-', link_text[1:])
@@ -1509,7 +1541,6 @@
return header_id
- _toc = None
def _toc_add_entry(self, level, id, name):
if level > self._toc_depth:
return
@@ -2141,11 +2172,14 @@
text = self._naked_gt_re.sub('>', text)
return text
- _incomplete_tags_re = re.compile("<(/?\w+[\s/]+?)")
+ _incomplete_tags_re = re.compile("<(/?\w+?(?!\w).+?[\s/]+?)")
def _encode_incomplete_tags(self, text):
if self.safe_mode not in ("replace", "escape"):
return text
+
+ if text.endswith(">"):
+ return text # this is not an incomplete tag, this is a link in
the form <http://x.y.z>
return self._incomplete_tags_re.sub("<\\1", text)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/setup.cfg
new/markdown2-2.3.9/setup.cfg
--- old/markdown2-2.3.8/setup.cfg 2019-05-29 20:55:53.000000000 +0200
+++ new/markdown2-2.3.9/setup.cfg 2020-05-12 02:07:55.000000000 +0200
@@ -2,7 +2,7 @@
universal = 1
[egg_info]
-tag_svn_revision = 0
-tag_date = 0
tag_build =
+tag_date = 0
+tag_svn_revision = 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/test/test_markdown2.py
new/markdown2-2.3.9/test/test_markdown2.py
--- old/markdown2-2.3.8/test/test_markdown2.py 2018-09-26 02:50:46.000000000
+0200
+++ new/markdown2-2.3.9/test/test_markdown2.py 2019-11-25 19:09:50.000000000
+0100
@@ -291,6 +291,52 @@
'<h2>%s</h2>\n' % ko)
test_russian.tags = ["unicode", "issue3"]
+ def test_toc_with_persistent_object(self):
+ """
+ Tests that the toc is the same every time it's run on HTML, even if
the Markdown object isn't disposed of.
+ """
+ md = markdown2.Markdown(extras=["toc"])
+ html = """
+# Header 1
+## Header 1.1
+## Header 1.2
+### Header 1.3
+# Header 2
+## Header 2.1
+ """
+ expected_toc_html = """<ul>
+ <li><a href="#header-1">Header 1</a>
+ <ul>
+ <li><a href="#header-11">Header 1.1</a></li>
+ <li><a href="#header-12">Header 1.2</a>
+ <ul>
+ <li><a href="#header-13">Header 1.3</a></li>
+ </ul></li>
+ </ul></li>
+ <li><a href="#header-2">Header 2</a>
+ <ul>
+ <li><a href="#header-21">Header 2.1</a></li>
+ </ul></li>
+</ul>
+"""
+ self.assertEqual(expected_toc_html, md.convert(html).toc_html)
+ # Do it again, to check if the toc_html is just appended rather than
replaced
+ self.assertEqual(expected_toc_html, md.convert(html).toc_html)
+ # Create different html, and confirm toc_html is replaced
+ html = """
+# I'm new html
+## I don't have to be long, just different
+"""
+ expected_toc_html = """<ul>
+ <li><a href="#im-new-html">I'm new html</a>
+ <ul>
+ <li><a href="#i-dont-have-to-be-long-just-different">I don't have to be
long, just different</a></li>
+ </ul></li>
+</ul>
+"""
+ self.assertEqual(expected_toc_html, md.convert(html).toc_html)
+ test_toc_with_persistent_object.tags = ["toc", "issue208"]
+
class DocTestsTestCase(unittest.TestCase):
def test_api(self):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/markdown2-2.3.8/test/tm-cases/fenced_code_blocks_leading_lang_space.html
new/markdown2-2.3.9/test/tm-cases/fenced_code_blocks_leading_lang_space.html
---
old/markdown2-2.3.8/test/tm-cases/fenced_code_blocks_leading_lang_space.html
2018-09-30 23:04:36.000000000 +0200
+++
new/markdown2-2.3.9/test/tm-cases/fenced_code_blocks_leading_lang_space.html
2020-01-23 00:56:00.000000000 +0100
@@ -1,3 +1,3 @@
-<div class="codehilite"><pre><span></span><code><span class="k">if</span>
<span class="bp">True</span><span class="p">:</span>
- <span class="k">print</span> <span class="s2">"hi"</span>
+<div class="codehilite"><pre><span></span><code><span class="k">if</span>
<span class="kc">True</span><span class="p">:</span>
+ <span class="nb">print</span> <span class="s2">"hi"</span>
</code></pre></div>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/markdown2-2.3.8/test/tm-cases/fenced_code_blocks_safe_highlight.html
new/markdown2-2.3.9/test/tm-cases/fenced_code_blocks_safe_highlight.html
--- old/markdown2-2.3.8/test/tm-cases/fenced_code_blocks_safe_highlight.html
2018-09-30 23:04:36.000000000 +0200
+++ new/markdown2-2.3.9/test/tm-cases/fenced_code_blocks_safe_highlight.html
2020-01-23 00:56:00.000000000 +0100
@@ -1,5 +1,5 @@
-<div class="codehilite"><pre><span></span><code><span class="k">if</span>
<span class="bp">True</span><span class="p">:</span>
- <span class="k">print</span> <span class="s2">"hi"</span>
+<div class="codehilite"><pre><span></span><code><span class="k">if</span>
<span class="kc">True</span><span class="p">:</span>
+ <span class="nb">print</span> <span class="s2">"hi"</span>
</code></pre></div>
<p>That's using the <em>fenced-code-blocks</em> extra with Python
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/markdown2-2.3.8/test/tm-cases/fenced_code_blocks_syntax_highlighting.html
new/markdown2-2.3.9/test/tm-cases/fenced_code_blocks_syntax_highlighting.html
---
old/markdown2-2.3.8/test/tm-cases/fenced_code_blocks_syntax_highlighting.html
2018-09-30 23:04:36.000000000 +0200
+++
new/markdown2-2.3.9/test/tm-cases/fenced_code_blocks_syntax_highlighting.html
2020-01-23 00:56:00.000000000 +0100
@@ -1,5 +1,5 @@
-<div class="codehilite"><pre><span></span><code><span class="k">if</span>
<span class="bp">True</span><span class="p">:</span>
- <span class="k">print</span> <span class="s2">"hi"</span>
+<div class="codehilite"><pre><span></span><code><span class="k">if</span>
<span class="kc">True</span><span class="p">:</span>
+ <span class="nb">print</span> <span class="s2">"hi"</span>
</code></pre></div>
<p>That's using the <em>fenced-code-blocks</em> extra with Python
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/markdown2-2.3.8/test/tm-cases/fenced_code_blocks_syntax_indentation.html
new/markdown2-2.3.9/test/tm-cases/fenced_code_blocks_syntax_indentation.html
---
old/markdown2-2.3.8/test/tm-cases/fenced_code_blocks_syntax_indentation.html
2018-09-30 23:04:36.000000000 +0200
+++
new/markdown2-2.3.9/test/tm-cases/fenced_code_blocks_syntax_indentation.html
2020-01-23 00:56:00.000000000 +0100
@@ -1,5 +1,5 @@
<div class="codehilite"><pre><span></span><code><span class="k">def</span>
<span class="nf">foo</span><span class="p">():</span>
- <span class="k">print</span> <span class="s2">"foo"</span>
+ <span class="nb">print</span> <span class="s2">"foo"</span>
- <span class="k">print</span> <span class="s2">"bar"</span>
+ <span class="nb">print</span> <span class="s2">"bar"</span>
</code></pre></div>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/test/tm-cases/html_classes.html
new/markdown2-2.3.9/test/tm-cases/html_classes.html
--- old/markdown2-2.3.8/test/tm-cases/html_classes.html 2019-05-09
00:01:50.000000000 +0200
+++ new/markdown2-2.3.9/test/tm-cases/html_classes.html 2019-11-25
03:18:43.000000000 +0100
@@ -18,12 +18,30 @@
</table>
<table class="table table-striped">
-<tbody>
-<tr><td><em>Year</em></td><td><em>Temperature
(low)</em></td><td><em>Temperature (high)</em></td></tr>
-<tr><td>1900</td><td>-10</td><td>25</td></tr>
-<tr><td>1910</td><td>-15</td><td>30</td></tr>
-<tr><td>1920</td><td>-10</td><td>32</td></tr>
-</tbody>
+ <thead>
+ <tr>
+ <th>Year</th>
+ <th>Temperature (low)</th>
+ <th>Temperature (high)</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>1900</td>
+ <td>-10</td>
+ <td>25</td>
+ </tr>
+ <tr>
+ <td>1910</td>
+ <td>-15</td>
+ <td>30</td>
+ </tr>
+ <tr>
+ <td>1920</td>
+ <td>-10</td>
+ <td>32</td>
+ </tr>
+ </tbody>
</table>
<p class="col-xs-3 custom-paragraph-class">For example:</p>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/test/tm-cases/html_classes.text
new/markdown2-2.3.9/test/tm-cases/html_classes.text
--- old/markdown2-2.3.8/test/tm-cases/html_classes.text 2014-12-22
06:29:36.000000000 +0100
+++ new/markdown2-2.3.9/test/tm-cases/html_classes.text 2019-11-25
03:18:43.000000000 +0100
@@ -3,7 +3,7 @@
| `Cell 1` | [Cell 2](http://example.com) link |
| Cell 3 | **Cell 4** |
-|| *Year* || *Temperature (low)* || *Temperature (high)* ||
+||~ Year ||~ Temperature (low) ||~ Temperature (high) ||
|| 1900 || -10 || 25 ||
|| 1910 || -15 || 30 ||
|| 1920 || -10 || 32 ||
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/test/tm-cases/issue341_xss.html
new/markdown2-2.3.9/test/tm-cases/issue341_xss.html
--- old/markdown2-2.3.8/test/tm-cases/issue341_xss.html 1970-01-01
01:00:00.000000000 +0100
+++ new/markdown2-2.3.9/test/tm-cases/issue341_xss.html 2020-05-11
23:24:03.000000000 +0200
@@ -0,0 +1,5 @@
+<p>Example 1:
+<ftp:<a href="#">[HTML_REMOVED]alert(1);//</a>><ftp:<a
href="#">[HTML_REMOVED]</a>></p>
+
+<p>Example 2:
+<http://g<!s://q?<!-<<a
href="http://g";>[HTML_REMOVED]alert(1);/*</a>->a><http://g<!s://g.c?<!-<<a
href="http://g";>a\\*/[HTML_REMOVED]alert(1);/*</a>->a></p>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/test/tm-cases/issue341_xss.opts
new/markdown2-2.3.9/test/tm-cases/issue341_xss.opts
--- old/markdown2-2.3.8/test/tm-cases/issue341_xss.opts 1970-01-01
01:00:00.000000000 +0100
+++ new/markdown2-2.3.9/test/tm-cases/issue341_xss.opts 2020-05-11
23:24:03.000000000 +0200
@@ -0,0 +1 @@
+{"safe_mode": "replace"}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/test/tm-cases/issue341_xss.text
new/markdown2-2.3.9/test/tm-cases/issue341_xss.text
--- old/markdown2-2.3.8/test/tm-cases/issue341_xss.text 1970-01-01
01:00:00.000000000 +0100
+++ new/markdown2-2.3.9/test/tm-cases/issue341_xss.text 2020-05-11
23:24:03.000000000 +0200
@@ -0,0 +1,5 @@
+Example 1:
+<ftp:[<script>alert(1);//]()><ftp:[</script>]()>
+
+Example 2:
+<http://g<!s://q?<!-<[<script>alert(1);/\*](http://g)->a><http://g<!s://g.c?<!-<[a\\*/</script>alert(1);/*](http://g)->a>
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/markdown2-2.3.8/test/tm-cases/issue348_incomplete_tag.html
new/markdown2-2.3.9/test/tm-cases/issue348_incomplete_tag.html
--- old/markdown2-2.3.8/test/tm-cases/issue348_incomplete_tag.html
1970-01-01 01:00:00.000000000 +0100
+++ new/markdown2-2.3.9/test/tm-cases/issue348_incomplete_tag.html
2020-05-04 18:54:15.000000000 +0200
@@ -0,0 +1 @@
+<p><lol@/ //id="pwn"//onclick="alert(1)"//<strong>abc</strong></p>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/markdown2-2.3.8/test/tm-cases/issue348_incomplete_tag.opts
new/markdown2-2.3.9/test/tm-cases/issue348_incomplete_tag.opts
--- old/markdown2-2.3.8/test/tm-cases/issue348_incomplete_tag.opts
1970-01-01 01:00:00.000000000 +0100
+++ new/markdown2-2.3.9/test/tm-cases/issue348_incomplete_tag.opts
2020-05-04 18:54:15.000000000 +0200
@@ -0,0 +1 @@
+{"safe_mode": "escape"}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/markdown2-2.3.8/test/tm-cases/issue348_incomplete_tag.text
new/markdown2-2.3.9/test/tm-cases/issue348_incomplete_tag.text
--- old/markdown2-2.3.8/test/tm-cases/issue348_incomplete_tag.text
1970-01-01 01:00:00.000000000 +0100
+++ new/markdown2-2.3.9/test/tm-cases/issue348_incomplete_tag.text
2020-05-04 18:54:15.000000000 +0200
@@ -0,0 +1 @@
+<lol@/ //id="pwn"//onclick="alert(1)"//**abc**
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/markdown2-2.3.8/test/tm-cases/issue3_bad_code_color_hack.html
new/markdown2-2.3.9/test/tm-cases/issue3_bad_code_color_hack.html
--- old/markdown2-2.3.8/test/tm-cases/issue3_bad_code_color_hack.html
2018-09-30 23:04:36.000000000 +0200
+++ new/markdown2-2.3.9/test/tm-cases/issue3_bad_code_color_hack.html
2020-01-23 00:56:00.000000000 +0100
@@ -7,6 +7,6 @@
<p>Some python code:</p>
<div class="codehilite"><pre><span></span><code><span class="c1">#
комментарий</span>
-<span class="k">if</span> <span class="bp">True</span><span class="p">:</span>
- <span class="k">print</span> <span class="s2">"hi"</span>
+<span class="k">if</span> <span class="kc">True</span><span class="p">:</span>
+ <span class="nb">print</span> <span class="s2">"hi"</span>
</code></pre></div>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/test/tm-cases/wiki_tables.html
new/markdown2-2.3.9/test/tm-cases/wiki_tables.html
--- old/markdown2-2.3.8/test/tm-cases/wiki_tables.html 2013-11-12
18:07:14.000000000 +0100
+++ new/markdown2-2.3.9/test/tm-cases/wiki_tables.html 2019-11-25
03:18:43.000000000 +0100
@@ -1,28 +1,123 @@
<table>
-<tbody>
-<tr><td><em>Year</em></td><td><em>Temperature
(low)</em></td><td><em>Temperature (high)</em></td></tr>
-<tr><td>1900</td><td>-10</td><td>25</td></tr>
-<tr><td>1910</td><td>-15</td><td>30</td></tr>
-<tr><td>1920</td><td>-10</td><td>32</td></tr>
-</tbody>
+ <tbody>
+ <tr>
+ <td><em>Year</em></td>
+ <td><em>Temperature (low)</em></td>
+ <td><em>Temperature (high)</em></td>
+ </tr>
+ <tr>
+ <td>1900</td>
+ <td>-10</td>
+ <td>25</td>
+ </tr>
+ <tr>
+ <td>1910</td>
+ <td>-15</td>
+ <td>30</td>
+ </tr>
+ <tr>
+ <td>1920</td>
+ <td>-10</td>
+ <td>32</td>
+ </tr>
+ </tbody>
+</table>
+
+<h1>With header row</h1>
+
+<table>
+ <thead>
+ <tr>
+ <th>Name</th>
+ <th>Class</th>
+ <th>Race</th>
+ <th>Level</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>Vlad</td>
+ <td>Barbarian</td>
+ <td>Dragonborn</td>
+ <td>12</td>
+ </tr>
+ <tr>
+ <td>Jimbo</td>
+ <td>Rogue</td>
+ <td>Halfling</td>
+ <td>13</td>
+ </tr>
+ </tbody>
+</table>
+
+<h1>With only header row</h1>
+
+<table>
+ <thead>
+ <tr>
+ <th>Name</th>
+ <th>Class</th>
+ <th>Race</th>
+ <th>Level</th>
+ </tr>
+ </thead>
+</table>
+
+<h1>With header row, alternate spacing</h1>
+
+<table>
+ <thead>
+ <tr>
+ <th>Name</th>
+ <th>Class</th>
+ <th>Race</th>
+ <th>Level</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>Vlad</td>
+ <td>Barbarian</td>
+ <td>Dragonborn</td>
+ <td>12</td>
+ </tr>
+ <tr>
+ <td>Jimbo</td>
+ <td>Rogue</td>
+ <td>Halfling</td>
+ <td>13</td>
+ </tr>
+ </tbody>
</table>
<h1>just one line</h1>
<table>
-<tbody>
-<tr><td>foo</td><td>bar</td><td>baz</td></tr>
-</tbody>
+ <tbody>
+ <tr>
+ <td>foo</td>
+ <td>bar</td>
+ <td>baz</td>
+ </tr>
+ </tbody>
</table>
<h1>blockquote</h1>
<blockquote>
<table>
- <tbody>
- <tr><td>grinch</td><td>stole</td><td>xmas</td></tr>
- <tr><td>green</td><td><strong>eggs</strong></td><td>ham</td></tr>
- </tbody>
+ <tbody>
+ <tr>
+ <td>grinch</td>
+ <td>stole</td>
+ <td>xmas</td>
+ </tr>
+ <tr>
+ <td>green</td>
+ <td><strong>eggs</strong></td>
+ <td>ham</td>
+ </tr>
+ </tbody>
</table>
<p>-- Dr. Seuss</p>
@@ -31,7 +126,10 @@
<h1>end of file</h1>
<table>
-<tbody>
-<tr><td>ResourceNotFound</td><td>If :login does not exist</td></tr>
-</tbody>
+ <tbody>
+ <tr>
+ <td>ResourceNotFound</td>
+ <td>If :login does not exist</td>
+ </tr>
+ </tbody>
</table>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/test/tm-cases/wiki_tables.tags
new/markdown2-2.3.9/test/tm-cases/wiki_tables.tags
--- old/markdown2-2.3.8/test/tm-cases/wiki_tables.tags 2013-11-12
18:07:14.000000000 +0100
+++ new/markdown2-2.3.9/test/tm-cases/wiki_tables.tags 2019-11-25
03:18:43.000000000 +0100
@@ -1 +1 @@
-extra wiki-tables issue66
+extra wiki-tables
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/markdown2-2.3.8/test/tm-cases/wiki_tables.text
new/markdown2-2.3.9/test/tm-cases/wiki_tables.text
--- old/markdown2-2.3.8/test/tm-cases/wiki_tables.text 2013-11-12
18:07:14.000000000 +0100
+++ new/markdown2-2.3.9/test/tm-cases/wiki_tables.text 2019-11-25
03:18:43.000000000 +0100
@@ -3,6 +3,21 @@
|| 1910 || -15 || 30 ||
|| 1920 || -10 || 32 ||
+# With header row
+
+||~ Name ||~ Class ||~ Race ||~ Level ||
+|| Vlad || Barbarian || Dragonborn || 12 ||
+|| Jimbo || Rogue || Halfling || 13 ||
+
+# With only header row
+
+||~ Name ||~ Class ||~ Race ||~ Level ||
+
+# With header row, alternate spacing
+
+|| ~Name || ~Class || ~Race || ~Level ||
+|| Vlad || Barbarian || Dragonborn || 12 ||
+|| Jimbo || Rogue || Halfling || 13 ||
# just one line
