Temporary fix for markdown <!-- escape issue (#1899)

Unclosed `<!--` in the vulnerability details sections aren't escaped due to a [problem with markdown2](trentm/python-markdown2#563). Temporarily manually escaped these.
google · Jan 3, 2024 · 348a1c3 · 348a1c3
1 parent 02af8ac
commit 348a1c3
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/gcp/appengine/frontend_handlers.py b/gcp/appengine/frontend_handlers.py
@@ -508,8 +508,13 @@ def sort_versions(versions: list[str], ecosystem: str) -> list[str]:
 def markdown(text):
   """Render markdown."""
   if text:
-    return markdown2.markdown(
+    md = markdown2.markdown(
         text, safe_mode='escape', extras=['fenced-code-blocks'])
+    # TODO(michaelkedar): Seems like there's a bug with markdown2 not escaping
+    # unclosed HTML comments <!--, which ends up commenting out the whole page
+    # See: https://github.com/trentm/python-markdown2/issues/563
+    # For now, manually replace any leftover comments with the escaped form
+    return md.replace('<!--', '&lt;!--')
 
   return ''