The quest for a better markdown processor (5 Part Series)
I looked into commonmark.py.
What is it with Python library authors and documentation? This tells me almost nothing. I can see from pydoc that commonmark contains about a dozen submodules, but I have no idea how to use any of it besides the basic API.
It solves most of my issues more or less satisfactorily. Backticks work in anchor text, no tomfoolery with newlines, block-level custom elements are usable (but only with blank lines, and now that applies to
*** supported. No other icky edge cases as far as I've found.
But two big ones left: no spoilers and no escaping.
I'm reminded of another reason I didn't want to use the bleach approach for escaping: it means innocent HTML input will not be escaped. If a commenter types
<i>, I want to assume they wanted it to come out as
<i>, as if they were talking about the tag and didn't feel like putting
` around it. I've frequently been inconvenienced on both Github and dev.to by HTML input being either interpreted or clobbered when I expected it to be escaped; I don't want people to have to type
<...> when they just want
There's this article called Markdown and XSS showing how Markdown is vulnerable to an XSS attack involving bookmarlets even if you escape HTML input, and saying that it shows Markdown can only be safe if you sanitize output, as is bleach's approach. But what I don't get is why this isn't trivially solvable by rejecting links that start with
It also sounds like commonmark.py doesn't have any extension API, so adding spoilers would probably be pretty difficult. (The same thread also indicates it doesn't support tables. I don't currently use markdown tables anywhere or have any commenters who've tried to use it, but it would be nice to have available.)
So commonmark might be a slightly better option than mistune on the whole, but I'm not sure. My quest isn't over. I might still end up forking mistune.
I've counted the lines of code with cloc. These might be interesting:
- python-markdown: 3780
- python-markdown2: 1531
- mistune: 1388
- commonmark: 4849
You're one click away
Level up every day