Don't allow equal signs in attr_list keys.

This will probably not result in the output intending by the author, but the syntax would be incorrect so the author needs to edit the document anyway. We just need to ensure the parser does not crash here. Fixes Python-Markdown#498.
azurah · Sep 23, 2016 · 4747cf7 · 4747cf7
1 parent 435bb72
commit 4747cf7
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/markdown/extensions/attr_list.py b/markdown/extensions/attr_list.py
@@ -53,9 +53,9 @@ def _handle_word(s, t):
     return t, t
 
 _scanner = Scanner([
-    (r'[^ ]+=".*?"', _handle_double_quote),
-    (r"[^ ]+='.*?'", _handle_single_quote),
-    (r'[^ ]+=[^ =]+', _handle_key_value),
+    (r'[^ =]+=".*?"', _handle_double_quote),
+    (r"[^ =]+='.*?'", _handle_single_quote),
+    (r'[^ =]+=[^ =]+', _handle_key_value),
     (r'[^ =]+', _handle_word),
     (r' ', None)
 ])

diff --git a/tests/extensions/attr_list.html b/tests/extensions/attr_list.html
@@ -65,4 +65,5 @@ <h1>Bad attributes</h1>
 <p><em>Weirdness</em></p>
 <p><em>More weirdness</em></p>
 <p>Attr_lists do not contain <em>newlines</em>{ foo=bar
-key=value }</p>
+key=value }</p>
+<p>Extra <em foo="bar">equals signs</em></p>
diff --git a/tests/extensions/attr_list.txt b/tests/extensions/attr_list.txt
@@ -90,3 +90,5 @@ No *key or value*{ = }
 
 Attr_lists do not contain *newlines*{ foo=bar
 key=value }
+
+Extra *equals signs*{ foo=bar=baz }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -90,3 +90,5 @@ No key or value{ = }

		Attr_lists do not contain newlines{ foo=bar
		key=value }

		Extra equals signs{ foo=bar=baz }