pypa / readme_renderer

Safely render long_description/README files in Warehouse
Apache License 2.0
158 stars 88 forks

Allow specific class values only #201

Closed ewjoachim closed 1 year ago

ewjoachim commented 3 years ago

In order to avoid strange things, it would be better to ensure that rendered READMEs only contain the subset of classes that we expect them to contain.

jboarman commented 3 years ago

@ewjoachim

The latest cmarkgfm release makes an adjustment to how code blocks are rendered by removing CSS class assignments and favoring a lang attribute instead.

I've not studied the code here, but I did notice your earlier reference to the code class and this section of related code:

https://github.com/pypa/readme_renderer/blob/6a9b282823e033d4344ca519452c49def6d259ec/readme_renderer/markdown.py#L91

I'm sharing this in case there is any related concern to what you are working on here in this PR.

ewjoachim commented 3 years ago

Indeed! A good thing the dependency is restricted to <0.6.0 in setup.py, so our code won't have to handle both versions!

I guess it's something we'll have to look at when we upgrade but hopefully, when we do this, the impacts will be studied.

ewjoachim commented 3 years ago

Oh, there's an overlap with #120!
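The idea raised in the opening comment, restricting `class` values in rendered HTML to an expected subset, sketched with Python's standard-library `html.parser`. This is an added example, not readme_renderer's own code; the allowlist contents and the names `ALLOWED_CLASSES`, `ClassFilter` and `filter_classes` are assumptions, and the input is assumed to be already-sanitized HTML with no `script` or `style` elements.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical allowlist (an assumption, not readme_renderer's real list):
# tag name -> class tokens permitted on that tag.
ALLOWED_CLASSES = {
    "code": {"language-python", "language-console"},
    "span": {"k", "n", "s"},
}


class ClassFilter(HTMLParser):
    """Re-emit HTML with only allowlisted class tokens; comments are dropped."""

    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed = allowed
        self.out = []

    def _emit(self, tag, attrs, close=""):
        parts = [tag]
        for name, value in attrs:
            if name == "class":
                ok = self.allowed.get(tag, set())
                kept = [c for c in (value or "").split() if c in ok]
                if not kept:
                    continue  # drop the attribute when nothing survives
                value = " ".join(kept)
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + close + ">")

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text arrives unescaped


def filter_classes(html, allowed=ALLOWED_CLASSES):
    parser = ClassFilter(allowed)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

The allowlist is keyed per tag, so a token permitted on `span` is still stripped from `code`, and a `class` attribute left with no permitted tokens is removed entirely.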