aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWaylan Limberg <waylan@gmail.com>2011-12-29 02:11:48 +0800
committerMike Dirolf <mike@dirolf.com>2012-01-15 00:45:36 +0800
commit35930e0928e19e37f81c906d5d11dfcc1087092b (patch)
treee875b58aa7d3a23898b02d90dfa58d6a40399297
parent12baab2e34a49530f3b712d2faaf59560ff993ef (diff)
downloadmarkdown-35930e0928e19e37f81c906d5d11dfcc1087092b.tar.gz
markdown-35930e0928e19e37f81c906d5d11dfcc1087092b.tar.bz2
markdown-35930e0928e19e37f81c906d5d11dfcc1087092b.zip
Fixed #69. url_sanitize no longer crashes on unparsable urls.
Also optimized the code to bypass parsing when not in safe_mode and return immediately upon failure rather than continue parsing when in safe_mode. Note that in Python2.7+ more urls may fail than in older versions because IPv6 support was added to urlparse and it apparently mistakenly identifies some urls as IPv6 when they are not. Seeing this only applies to safe_mode now, I don't really care.
-rw-r--r--markdown/inlinepatterns.py27
1 files changed, 18 insertions, 9 deletions
diff --git a/markdown/inlinepatterns.py b/markdown/inlinepatterns.py
index 109cc05..51b06d9 100644
--- a/markdown/inlinepatterns.py
+++ b/markdown/inlinepatterns.py
@@ -311,20 +311,29 @@ class LinkPattern(Pattern):
`username:password@host:port`.
"""
+ if not self.markdown.safeMode:
+ # Return immediately bipassing parsing.
+ return url
+
+ try:
+ scheme, netloc, path, params, query, fragment = url = urlparse(url)
+ except ValueError:
+ # Bad url - so bad it couldn't be parsed.
+ return ''
+
locless_schemes = ['', 'mailto', 'news']
- scheme, netloc, path, params, query, fragment = url = urlparse(url)
- safe_url = False
- if netloc != '' or scheme in locless_schemes:
- safe_url = True
+ if netloc == '' or scheme not in locless_schemes:
+ # This fails regardless of anything else.
+ # Return immediately to save additional proccessing
+ return ''
for part in url[2:]:
if ":" in part:
- safe_url = False
+ # Not a safe url
+ return ''
- if self.markdown.safeMode and not safe_url:
- return ''
- else:
- return urlunparse(url)
+ # Url passes all tests. Return url as-is.
+ return urlunparse(url)
class ImagePattern(LinkPattern):
""" Return a img element from the given match. """