def text(self, value): self._text = value # N.B. We MUST take care here of appropriately escaping the user # input. Code elsewhere will assume that the content of the # `text_rendered` field is safe for printing without further escaping. # # `markdown.render` does the hard work for now. self._text_rendered = markdown_render.render(value)
def test_it_adds_target_blank_and_rel_nofollow_to_links(self): actual = markdown_render.render('<a href="https://example.org">Hello</a>') expected = '<p><a href="https://example.org" target="_blank" rel="nofollow noopener">Hello</a></p>' assert actual == expected
def test_it_escapes_evil_html(self, text, expected): assert markdown_render.render(text) == expected
def test_it_renders_markdown(self): actual = markdown_render.render("_emphasis_ **bold**") assert actual == "<p><em>emphasis</em> <strong>bold</strong></p>"
def test_it_allows_markdown_html(self, text): # HTML tags that Markdown can output are allowed through unsanitized. assert markdown_render.render(text) == text
def test_it_ignores_inline_math(self): actual = markdown_render.render(r"Foobar \(1 + 1 = 2\)") assert actual == "<p>Foobar \\(1 + 1 = 2\\)</p>"
def test_it_ignores_math_block(self): actual = markdown_render.render("$$1 + 1 = 2$$") assert actual == "<p>$$1 + 1 = 2$$</p>"