Skip to content

Ensure incomplete markup declaration in raw HTML doesn't crash parser. #1535

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jun 18, 2025
Merged

Ensure incomplete markup declaration in raw HTML doesn't crash parser. #1535

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ba2cab6
Ensure incomplete markup declaration in raw HTML doesn't crash parser.
waylan Jun 18, 2025
653890c
cleanup
waylan Jun 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/changelog.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ See the [Contributing Guide](contributing.md) for details.

### Fixed

* Ensure incomplete markup declaration in raw HTML doesn't crash parser (#1534).
* Fixed dropped content in `md_in_html` (#1526).
* Fixed HTML handling corner case that prevented some content from not being rendered (#1528).

Expand Down
4 changes: 4 additions & 0 deletions markdown/extensions/md_in_html.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -280,6 +280,10 @@ def parse_pi(self, i: int) -> int:

def parse_html_declaration(self, i: int) -> int:
if self.at_line_start() or self.intail or self.mdstack:
if self.rawdata[i:i+3] == '<![' and not self.rawdata[i:i+9] == '<![CDATA[':
# We have encountered the bug in #1534 (Python bug `gh-77057`).
# Provide an override until we drop support for Python < 3.13.
return self.parse_bogus_comment(i)
# The same override exists in `HTMLExtractor` without the check
# for `mdstack`. Therefore, use parent of `HTMLExtractor` instead.
return super(HTMLExtractor, self).parse_html_declaration(i)
Expand Down
4 changes: 4 additions & 0 deletions markdown/htmlparser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -275,6 +275,10 @@ def parse_pi(self, i: int) -> int:

def parse_html_declaration(self, i: int) -> int:
if self.at_line_start() or self.intail:
if self.rawdata[i:i+3] == '<![' and not self.rawdata[i:i+9] == '<![CDATA[':
# We have encountered the bug in #1534 (Python bug `gh-77057`).
# Provide an override until we drop support for Python < 3.13.
return self.parse_bogus_comment(i)
return super().parse_html_declaration(i)
# This is not the beginning of a raw block so treat as plain data
# and avoid consuming any tags which may follow (see #1066).
Expand Down
7 changes: 7 additions & 0 deletions tests/test_syntax/blocks/test_html_blocks.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1275,6 +1275,13 @@ def test_raw_cdata_indented(self):
)
)

def test_not_actually_cdata(self):
# Ensure bug reported in #1534 is avoided.
self.assertMarkdownRenders(
'<![',
'<p>&lt;![</p>'
)

def test_raw_cdata_code_span(self):
self.assertMarkdownRenders(
self.dedent(
Expand Down