Fix markdown formatting issue #1286
Conversation
Zain-Mahmoud
requested review from
david-yz-liu
and removed request for
david-yz-liu
| This is used by our patched version of MessagesHandlerMixIn.add_message | ||
| (see python_ta/patches/messages.py). | ||
| """ | ||
| msg_definition.msg = ExtendedMarkup(msg_definition.msg) |
There was a problem hiding this comment.
@Zain-Mahmoud I noticed in your presentation yesterday: this isn't the right place to do this conversion. Look for where the PythonTA error messages are first loaded; this is part of how we handle the configuration files, before starting the "linting" process.
Pull Request Test Coverage Report for Build 21813417438Details
💛 - Coveralls |
| linter.msgs_store.register_message(message_definition) | ||
|
|
||
| if linter.reporter.name == "pyta-html": | ||
| msg_ids = linter.msgs_store.messages |
There was a problem hiding this comment.
This variable name is misleading as it's not just a list of ids that are being returned, but full "message" objects. Please pick a better variable name here and below for the loop variable.
| from pylint.reporters import BaseReporter | ||
|
|
||
| from .node_printers import LineType, render_message | ||
| from python_ta.util.extended_markup import ExtendedMarkup |
There was a problem hiding this comment.
Revert all changes in this file
| import os | ||
| import socket | ||
| import sys | ||
| from html import unescape |
There was a problem hiding this comment.
Revert changes in this file
| Try fixing the above code by adding spaces around the `+`, and replacing `print(result)` with `return result`. | ||
| After making these changes, re-run the file: PythonTA's analysis should not find any more issues! | ||
|
|
||
| Note: any "𝔄" characters in the source code will be rendered as an "&" in the error message's code snippet. |
There was a problem hiding this comment.
I looked into this a bit more and unicode has some Private Use Areas, which has code points that are guaranteed not to be used. We should be able to use one of these instead, rather than 𝔄. That way we don't need to mention this in the documentation either.
Note that you can use \u to write unicode code points directly in string literals (see here).
|
|
||
| class ExtendedMarkup(Markup): | ||
| """ | ||
| Extends the standard Markup class defined in markupsafe to include escaping of markdown characters |
There was a problem hiding this comment.
In general for docstrings, write one-line descriptions on the same line as the """. (Same for the escape method below.)
| """ | ||
|
|
||
| @classmethod | ||
| def escape(cls, s): |
There was a problem hiding this comment.
Add type annotations here
| Escape all markdown characters in s by replacing them with their corresponding escape sequence | ||
| """ | ||
| if isinstance(s, str): | ||
| markdown_chars = [ |
There was a problem hiding this comment.
This can be pulled out and defined as a top-level constant
| <div class="message"> | ||
| <p class="message-name"> | ||
| <span> [Line 20] Forbidden top-level code found on line 20 </span> | ||
| <span> [Line 20] Forbidden top-level code found on line None </span> |
There was a problem hiding this comment.
Be careful when updating snapshots. This test shouldn't have been updated, and indicates a bug in this implementation.
|
Hi @david-yz-liu, |
| "server_port": 2000 | ||
| }) | ||
|
|
||
| inject_script() No newline at end of file |
There was a problem hiding this comment.
This file doesn't need to call the function or really be executed at all; see my comments on the in the test file below.
| "~", | ||
| ":", | ||
| ] | ||
| unmapped_code_point = "\ue000" |
There was a problem hiding this comment.
Oh I forgot to mention this earlier, but for all top-level constants, please use the ALL_CAPS naming style for them. This applies to both markdown_chars and unmapped_code_point.
| output_path = os.path.normpath( | ||
| os.path.join(__file__, "../../test_reporters/output_files/injection_script_output.html") | ||
| ) | ||
| check_all(module_name=script_path, output=output_path) |
There was a problem hiding this comment.
This is good but can be improved further: you actually do not need to write the output to a file. Instead, use a StringIO buffer to store the output in memory (you can ask Herena about this, as she's the one who implemented this functionality for check_all)
| def inject_script(): | ||
| a = "hello" | ||
| x = f'{a + "<script>alert(2);</script>"}' | ||
| return x No newline at end of file |
There was a problem hiding this comment.
make sure this file ends with a newline
| def markdown_chars(): | ||
| y = "hello" | ||
| z = f'{y + "` ##world `"}' | ||
|
|
There was a problem hiding this comment.
Similar to the above comment, I recommend running this file through black to fix some formatting issues
.pre-commit-config.yaml
Outdated
| packages/python-ta/tests/test_reporters/snapshots/test_html_server/test_watch_persistence/watch_html_server_snapshot.html| | ||
| packages/python-ta/tests/test_reporters/snapshots/test_html_reporter/test_injection/script_injection.html| | ||
| packages/python-ta/tests/test_reporters/snapshots/test_html_reporter/test_markdown_escape/markdown_escape.html| | ||
| packages/python-ta/tests/test_reporters/output_files/injection_script_output.html| |
There was a problem hiding this comment.
Relating to my above comment, please remove the "output_files" from this PR and this file
david-yz-liu
left a comment
david-yz-liu
left a comment
There was a problem hiding this comment.
Nice work, @Zain-Mahmoud!
3 participants
Proposed Changes
This PR fixes a bug that caused user input containing certain markdown characters to be rendered as markdown by the markdown renderer (issue #1285)
...
Screenshots of your changes (if applicable)
Before:After:
Type of Change
(Write an
Xor a brief description next to the type or types that best describe your changes.)Checklist
(Complete each of the following items for your pull request. Indicate that you have completed an item by changing the
[ ]into a[x]in the raw text, or by clicking on the checkbox in the rendered description on GitHub.)Before opening your pull request:
After opening your pull request:
Questions and Comments