From 5017a9ba7e8e9d0c4998249bbd1a86f06c3651ba Mon Sep 17 00:00:00 2001
From: rubenwardy <rw@rubenwardy.com>
Date: Tue, 2 Feb 2021 18:16:55 +0000
Subject: [PATCH] Allow codehighlighting in markdown, enable linkify

---
 app/markdown.py | 55 +++++++++++++++++++++++++++++--------------------
 1 file changed, 33 insertions(+), 22 deletions(-)

diff --git a/app/markdown.py b/app/markdown.py
index 1d14c5e..bae2bc3 100644
--- a/app/markdown.py
+++ b/app/markdown.py
@@ -1,15 +1,16 @@
+from functools import partial
+
 import bleach
+from bleach import Cleaner
+from bleach.linkifier import LinkifyFilter
 from markdown import Markdown
 from flask import Markup
 
-# Whitelist source: MIT
-#
+# Based on
 # https://github.com/Wenzil/mdx_bleach/blob/master/mdx_bleach/whitelist.py
+#
+# License: MIT
 
-"""
-Default whitelist of allowed HTML tags. Any other HTML tags will be escaped or
-stripped from the text. This applies to the html output that Markdown produces.
-"""
 ALLOWED_TAGS = [
 	"h1", "h2", "h3", "h4", "h5", "h6", "hr",
 	"ul", "ol", "li",
@@ -22,33 +23,43 @@ ALLOWED_TAGS = [
 	"em",
 	"a",
 	"img",
-	"table", "thead", "tbody", "tr", "th", "td"
+	"table", "thead", "tbody", "tr", "th", "td",
+	"div", "span",
 ]
 
-"""
-Default whitelist of attributes. It allows the href and title attributes for <a>
-tags and the src, title and alt attributes for <img> tags. Any other attribute
-will be stripped from its tag.
-"""
+ALLOWED_CSS = [
+	"highlight", "codehilite",
+	"hll", "c", "err", "g", "k", "l", "n", "o", "x", "p", "ch", "cm", "cp", "cpf", "c1", "cs",
+	"gd", "ge", "gr", "gh", "gi", "go", "gp", "gs", "gu", "gt", "kc", "kd", "kn", "kp", "kr",
+	"kt", "ld", "m", "s", "na", "nb", "nc", "no", "nd", "ni", "ne", "nf", "nl", "nn", "nx",
+	"py", "nt", "nv", "ow", "w", "mb", "mf", "mh", "mi", "mo", "sa", "sb", "sc", "dl", "sd",
+	"s2", "se", "sh", "si", "sx", "sr", "s1", "ss", "bp", "fm", "vc", "vg", "vi", "vm", "il",
+]
+
+def allow_class(_tag, name, value):
+	return name == "class" and value in ALLOWED_CSS
+
 ALLOWED_ATTRIBUTES = {
 	"a": ["href", "title"],
-	"img": ["src", "title", "alt"]
+	"img": ["src", "title", "alt"],
+	"code": allow_class,
+	"div": allow_class,
+	"span": allow_class,
 }
 
-"""
-If you allow tags that have attributes containing a URI value
-(like the href attribute of an anchor tag,) you may want to adapt
-the accepted protocols. The default list only allows http, https and mailto.
-"""
 ALLOWED_PROTOCOLS = ["http", "https", "mailto"]
 
-
 md = None
 
 def render_markdown(source):
-	return bleach.clean(md.convert(source),
-			tags=ALLOWED_TAGS, attributes=ALLOWED_ATTRIBUTES,
-			styles=[], protocols=ALLOWED_PROTOCOLS)
+	html = md.convert(source)
+
+	cleaner = Cleaner(
+			tags=ALLOWED_TAGS,
+			attributes=ALLOWED_ATTRIBUTES,
+			protocols=ALLOWED_PROTOCOLS,
+			filters=[partial(LinkifyFilter, callbacks=bleach.linkifier.DEFAULT_CALLBACKS)])
+	return cleaner.clean(html)
 
 def init_app(app):
 	global md