def render_block_code(self, token):
template = '<pre><code{attr}>{inner}</code></pre>'
if token.language:
attr = ' class="{}"'.format('language-{}'.format(self.escape_html(token.language)))
else:
attr = ''
inner = html.escape(token.children[0].content)
return template.format(attr=attr, inner=inner)
def render_block_code(self, token):
el_pre = etree.Element('pre')
el_code = etree.SubElement(el_pre, 'code')
if token.language:
el_code.set('class', 'language-{}'.format(self.escape_html(token.language)))
# to comply with the format using in PythonMarkdown.
# or it may break in plugins like codehilite!!
code_text = (html.escape(token.children[0].content)
.replace(''', "'")
# FIXME: breaks commonmark test suite #176
.replace('"', '"'))
# protect inside content from being interpreted
el_code.text = AtomicString(code_text)
return el_pre
def render_inline_code(self, token):
template = "<code>{}</code>"
inner = html.escape(token.children[0].content)
return template.format(inner)
def escape_url(raw):
"""
Escape urls to prevent code injection craziness. (Hopefully.)
"""
return html.escape(quote(html.unescape(raw), safe="/#:()*?=%@+,&"))
def escape_html(raw):
return html.escape(html.unescape(raw)).replace("'", "'")
def render_inline_code(self, token):
el = etree.Element('code')
el.text = AtomicString(html.escape(token.children[0].content)
.replace(''', "'"))
return el