Re: [Python-markdown-discuss] AtomicString

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Yuri Takhteyev wrote:
>> There is absolutely no camelcase words in the text we pass in, so no
>> wikilinks should be generated. However, it appears that the
>> placeholder for the "markdownlink" is inserted into the text as
>> ``\x02LinkPattern:000\x03``. Normally, this would later be replaced by
>>     
>
> Yeah, that's an whoops.  I think rather than just avoiding camelcase
> in placeholders, we should avoid anything meangingfull in them at all,
> apart from STX and ETX codes.  We used to have some random combination
> of characters.  Adding STX and ETX around it made it safer against us
> trying to replace the occurrence of the placeholder in the original
> text.  However, switching from a random combination to meaningful
> things like "LinkPattern" creates the possibility of users messing
> with our placeholders via extensions.  So, I we should do both: use a
> meaningless combination of letters (without any punctuation), and then
> wrap it with characters that users aren't allowed to put in the input
> (STX and ETX).  E.g.:
>
> STX = u'\u0002'  # Use STX ("Start of text") for start-of-placeholder
> ETX = u'\u0003'  # Use ETX ("End of text") for end-of-placeholder
> HTML_PLACEHOLDER_PREFIX = STX+"wyxhzde38k"
> HTML_PLACEHOLDER = HTML_PLACEHOLDER_PREFIX + "%d"+ETX
> INLINE_PLACEHOLDER_PREFIX = STX+"0ix2bavflj"
> INLINE_PLACEHOLDER_SUFFIX = ETX
> AMP_SUBSTITUTE = STX+"k75lziz62a"+ETX
>
> Actually, come to think of it, perhaps even that %d is not a good idea.
>   

Maybe we should use some random hashes, like 
`md5.new(str(random.random())).hexdigest()` ?
I don't think that users will be handle with placeholders, in case if 
everything works fine. In preporcessors they'll be given just plain 
input, in postprocessors they'll receive already processed with inline 
patterns ElementTree.