* yaml5.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Markdown?expand=0&rev=54
48 lines
1.8 KiB
Diff
48 lines
1.8 KiB
Diff
From 0861bb0df43a20737c38029bcf7d09b14d17352f Mon Sep 17 00:00:00 2001
|
|
From: Waylan Limberg <waylan.limberg@icloud.com>
|
|
Date: Thu, 14 Mar 2019 09:17:31 -0400
|
|
Subject: [PATCH] Update CLI to support PyYAML 5.1
|
|
|
|
This should avoid any warnings. We use `unsafe_load` because users may
|
|
need to pass in actual Python objects. As this is only available from
|
|
the CLI, the user has much worse problems if an attacker can use this
|
|
as an attach vector.
|
|
---
|
|
docs/change_log/release-3.1.md | 1 +
|
|
markdown/__main__.py | 14 +++++++++++---
|
|
2 files changed, 12 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/markdown/__main__.py b/markdown/__main__.py
|
|
index 38d08fe0..43e486c9 100644
|
|
--- a/markdown/__main__.py
|
|
+++ b/markdown/__main__.py
|
|
@@ -26,9 +26,17 @@
|
|
import warnings
|
|
import markdown
|
|
try:
|
|
- import yaml
|
|
+ # We use `unsafe_load` because users may need to pass in actual Python
|
|
+ # objects. As this is only available from the CLI, the user has much
|
|
+ # worse problems if an attacker can use this as an attach vector.
|
|
+ from yaml import unsafe_load as yaml_load
|
|
except ImportError: # pragma: no cover
|
|
- import json as yaml
|
|
+ try:
|
|
+ # Fall back to PyYAML <5.1
|
|
+ from yaml import load as yaml_load
|
|
+ except ImportError:
|
|
+ # Fall back to JSON
|
|
+ from json import load as yaml_load
|
|
|
|
import logging
|
|
from logging import DEBUG, WARNING, CRITICAL
|
|
@@ -97,7 +105,7 @@ def parse_options(args=None, values=None):
|
|
options.configfile, mode="r", encoding=options.encoding
|
|
) as fp:
|
|
try:
|
|
- extension_configs = yaml.load(fp)
|
|
+ extension_configs = yaml_load(fp)
|
|
except Exception as e:
|
|
message = "Failed parsing extension config file: %s" % \
|
|
options.configfile
|