pallets/markupsafe

Some sort of mapping function

xmo-odoo opened this issue · 2 comments

One of the biggest issues of markupsafe is that most of the world is not markupsafe-aware, so when performing text transformations through markupsafe-unaware (but safe) APIs. In my experience, regex and markdown are common issues.

They generally require type-checking the input, applying the transformation, then re-wrapping if necessary, commonly transforming a simple expression into several statements (or a more complicated conditional expression).

Would be nice if markupsafe provided a markupsafe.map utility which did that internally, applying a user-supplied transformation function then rewrapping the input to match the output.

This sounds outside the scope of MarkupSafe. I'm not clear what this would be compared to Markup(markdown.render(value)).

> This sounds outside the scope of MarkupSafe. I'm not clear what this would be compared to Markup(markdown.render(value)).

It would check that the original value is a Markup and only re-wrap in that case: if the input of markdown rendering is markup-safe, then the output is generally markup-safe (barring odd extensions).

An unconditional wrapping would launder markup from an unescaped markdown doc into the output. While there are use-cases for that, untrusted input is a pretty big use case for markdown.
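The difference discussed in this thread, shown as an added example that is not part of the issue or of MarkupSafe: `markup_map` is a hypothetical helper name, `collapse_ws` stands in for any Markup-unaware transform, and the inputs are constructed. If the `markupsafe` package is not installed, a minimal stand-in for `Markup` and `escape` is used.

```python
import re
from html import escape as _html_escape

try:
    from markupsafe import Markup, escape
except ImportError:  # minimal stand-in so the example runs without the package
    class Markup(str):
        def __html__(self):
            return self

    def escape(s):
        return s if isinstance(s, Markup) else Markup(_html_escape(str(s)))


def markup_map(func, value):
    """Hypothetical helper (not a markupsafe API): apply a Markup-unaware
    but safe str -> str transform, and re-wrap the result only when the
    input was already Markup."""
    result = func(str(value))
    return Markup(result) if isinstance(value, Markup) else result


def collapse_ws(text):
    # Markup-unaware transform: re.sub returns a plain str.
    return re.sub(r"\s+", " ", text).strip()


def render(value):
    # What an autoescaping template engine does when it outputs a value.
    return str(escape(value))


# Constructed inputs: one trusted (already Markup), one untrusted (plain str).
TRUSTED = Markup("<b>hello</b>\n   world")
UNTRUSTED = "<script>alert(1)</script>\n   world"


def demo():
    return {
        # Input was Markup, so the output stays Markup and is not re-escaped.
        "trusted": render(markup_map(collapse_ws, TRUSTED)),
        # Input was plain str, so the output stays plain and is escaped.
        "untrusted": render(markup_map(collapse_ws, UNTRUSTED)),
        # Unconditional wrap: untrusted markup is marked safe (laundered).
        "laundered": render(Markup(collapse_ws(UNTRUSTED))),
    }
```
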