Update Mistune and add escape parameter #108
Conversation
This is needed to the actual renderer can escape (or not) the text value. Depending on the escape parameter on the renderer
These are needed by mistune renderer
|
Hey @Bass-03 Thanks a lot for this. @iamjackg Any way we can get this merged upstream and released? In Mistune through 2.0.2, there is a Regular Expression Denial of Service (ReDoS) flaw.
|
iamjackg
left a comment
iamjackg
left a comment
There was a problem hiding this comment.
Thank you so much for submitting this :) Left some comments.
remove uneeded packages as for latest md2cf version
|
Thank you both for looking into this. And thank you @iamjackg for the tool, it is very helpful 😄 |
|
Hey @iamjackg @Bass-03 Any updates on this? I'm happy to hop in and make any changes if necessary. |
|
hey @schneiderl |
3 participants
I noticed mistune was pinned to version 0.8.4, I updated it to v 3.0.1 (which covers #81 and #82 ((sorry))), all tests passing too.
While at it, I added the escape parameter mentioned on #34, which enables the rendering of quotes and other symbols instead of html escaped symbols.
I added that to the library but not to the CLI, the default is to not escape HTML stuff.
My main goal is to be able to get unescaped HTML, mainly for linking other confluence pages and maybe adding macros as mentioned on #34, But I though the new Mistune could handle it, let's see if that works.