From e3900a82c9b7340b3cf1442aa369210709921ed0 Mon Sep 17 00:00:00 2001 From: Elijah Greenstein <197816462+elijahgreenstein@users.noreply.github.com> Date: Fri, 8 Aug 2025 15:31:51 -0700 Subject: [PATCH 1/2] docs: Correct typos; add "the" to a few sentences 1. has -> have 2. "You can note, that..." -> "Note that..." 3. sequence -> "the sequence" 4. "top level of token stream" -> "the top level of the token stream" --- docs/architecture.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/architecture.md b/docs/architecture.md index 5190bbd2..3100af7f 100644 --- a/docs/architecture.md +++ b/docs/architecture.md @@ -60,7 +60,7 @@ In total, a token stream is: - On the top level - array of paired or single "block" tokens: - open/close for headers, lists, blockquotes, paragraphs, ... - codes, fenced blocks, horizontal rules, html blocks, inlines containers -- Each inline token have a `.children` property with a nested token stream for inline content: +- Each inline token has a `.children` property with a nested token stream for inline content: - open/close for strong, em, link, code, ... - text, line breaks @@ -81,7 +81,7 @@ Rules are functions, doing "magic" with parser `state` objects. A rule is associ Rules are managed by names via [Ruler](https://markdown-it.github.io/markdown-it/#Ruler) instances and can be `enabled` / `disabled` from the [MarkdownIt](https://markdown-it.github.io/markdown-it/#MarkdownIt) methods. -You can note, that some rules have a `validation mode` - in this mode rules do not +Note that some rules have a `validation mode` - in this mode rules do not modify the token stream, and only look ahead for the end of a token. It's one important design principle - a token stream is "write only" on block & inline parse stages. @@ -160,9 +160,9 @@ JSON/XML... You can even use it to generate AST. ## Summary -This was mentioned in [Data flow](md/data-flow), but let's repeat sequence again: +This was mentioned in [Data flow](md/data-flow), but let's repeat the sequence again: -1. Blocks are parsed, and top level of token stream filled with block tokens. +1. Blocks are parsed, and the top level of the token stream filled with block tokens. 2. Content on inline containers is parsed, filling `.children` properties. 3. Rendering happens. From 8077ce6b1c8655717f08f98f34328a3ebda4bec0 Mon Sep 17 00:00:00 2001 From: Elijah Greenstein <197816462+elijahgreenstein@users.noreply.github.com> Date: Fri, 8 Aug 2025 15:39:07 -0700 Subject: [PATCH 2/2] docs: Correct typos 1. "prohibits some kind of links" should be "prohibits some kinds of links" 2. Reorganize "element `id` and `name`" to "`id` and `name` attributes" 3. Change "autogenerating" to "autogenerate" (i.e. "plugins that ... autogenerate header anchors") --- docs/security.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/security.md b/docs/security.md index 7cbf765f..6605d2ee 100644 --- a/docs/security.md +++ b/docs/security.md @@ -25,7 +25,7 @@ from markdown_it import MarkdownIt MarkdownIt("js-default").render("*user-submitted* text") ``` -Note that even with the default configuration, `markdown-it-py` prohibits some kind of links which could be used for XSS: +Note that even with the default configuration, `markdown-it-py` prohibits some kinds of links which could be used for XSS: - `javascript:`, `vbscript:` - `file:` @@ -37,8 +37,8 @@ If you find a security problem, please report it to . Usually, plugins operate with tokenized content, and that's enough to provide safe output. -But there is one non-evident case you should know - don't allow plugins to generate arbitrary element `id` and `name`. +But there is one non-evident case you should know - don't allow plugins to generate arbitrary `id` and `name` attributes. If those depend on user input - always add prefixes to avoid DOM clobbering. See [discussion](https://github.com/markdown-it/markdown-it/issues/28) for details. -So, if you decide to use plugins that add extended class syntax or autogenerating header anchors - be careful. +So, if you decide to use plugins that add extended class syntax or autogenerate header anchors - be careful.