This is an automated email from the ASF dual-hosted git repository.
arm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new da4d20a1 Notes say that cmarkgfm is safe
da4d20a1 is described below
commit da4d20a18e3275113d4f27bf8a98046d438b40cd
Author: Alastair McFarlane <[email protected]>
AuthorDate: Tue Mar 24 16:11:16 2026 +0000
Notes say that cmarkgfm is safe
---
atr/get/checklist.py | 1 +
atr/get/sbom.py | 1 +
scripts/gfm_to_html.py | 1 +
3 files changed, 3 insertions(+)
diff --git a/atr/get/checklist.py b/atr/get/checklist.py
index 9bd58cc6..b84b521a 100644
--- a/atr/get/checklist.py
+++ b/atr/get/checklist.py
@@ -71,6 +71,7 @@ async def selected(
committee=committee,
revision=latest_revision,
)
+ # cmarkgfm will refuse to write unsafe strings into the html
checklist_html =
markupsafe.Markup(cmarkgfm.github_flavored_markdown_to_html(substituted_markdown))
page = htm.Block()
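Review bot: The added comment states a guarantee without naming what it rests on: cmark-gfm strips raw HTML and unsafe link schemes only while the `options` argument omits `CMARK_OPT_UNSAFE`, and here that is the unstated default, yet the very next line wraps the result in `markupsafe.Markup`, so a later `options=cmarkgfm.Options.CMARK_OPT_UNSAFE` would make the output an unescaped HTML sink while the comment still claims safety. I would make the invariant explicit: `# Safe to wrap in Markup only because the default options omit CMARK_OPT_UNSAFE, so cmark-gfm drops raw HTML and unsafe link schemes; never pass CMARK_OPT_UNSAFE here.` The same comment is added in atr/get/sbom.py, where `vuln.details` appears to be externally sourced OSV text and the Markup wrapping relies entirely on that default, and in scripts/gfm_to_html.py; the same wording applies to both. The body of `selected` starts and ends outside the hunk.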
diff --git a/atr/get/sbom.py b/atr/get/sbom.py
index df798045..156e473c 100644
--- a/atr/get/sbom.py
+++ b/atr/get/sbom.py
@@ -563,6 +563,7 @@ def _vulnerability_component_details_osv(
else:
vuln_header.append(htm.span(".badge.bg-info.text-light")["new"])
+ # cmarkgfm will refuse to write unsafe strings into the html
details =
markupsafe.Markup(cmarkgfm.github_flavored_markdown_to_html(vuln.details))
vuln_div =
htm.div(".ms-3.mb-3.border-start.border-warning.border-3.ps-3")[
htm.div(".d-flex.align-items-center.mb-2")[*vuln_header],
diff --git a/scripts/gfm_to_html.py b/scripts/gfm_to_html.py
index 96552ff9..b28ccd85 100755
--- a/scripts/gfm_to_html.py
+++ b/scripts/gfm_to_html.py
@@ -32,6 +32,7 @@ def main() -> None:
output_path = pathlib.Path(sys.argv[2])
markdown = input_path.read_text(encoding="utf-8")
+ # cmarkgfm will refuse to write unsafe strings into the html
html = cmarkgfm.github_flavored_markdown_to_html(markdown)
output_path.write_text(html, encoding="utf-8")