Skip to content

HiliteTreeprocessor doesn't leave escaped HTML entities intact. #988

Description

@aero31aero

I've written a script to reproduce this, which gives the following output.

$ python reproducer.py
TEXT     
================

 Test an indented block:

    ---
    ©
    <
    &
    >
    ---
    >
    <

UPSTREAM 
================

 <p>Test an indented block:</p>
<div class="codehilite"><pre><span></span><code>---
&amp;copy;
&lt;
&amp;
&gt;
---
&gt;
&lt;
</code></pre></div>

PATCHED
================

 <p>Test an indented block:</p>
<div class="codehilite"><pre><span></span><code>---
&amp;copy;
&amp;lt;
&amp;
&amp;gt;
---
&gt;
&lt;
</code></pre></div>

This is the patch:

diff --git markdown/extensions/codehilite.py markdown/extensions/codehilite.py
index 915dfcf..9eed561 100644
--- markdown/extensions/codehilite.py
+++ markdown/extensions/codehilite.py
@@ -225,9 +225,11 @@ class HiliteTreeprocessor(Treeprocessor):
 
     def code_unescape(self, text):
         """Unescape code."""
-        text = text.replace("&amp;", "&")
         text = text.replace("&lt;", "<")
         text = text.replace("&gt;", ">")
+        # Escaped '&' should be replaced at the end to avoid
+        # conflicting with < and >.
+        text = text.replace("&amp;", "&")
         return text
 
     def run(self, root):

Would you be willing to have a patch+tests for this?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions