Skip to content

Sandbox233 - fixed #223 #245

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Dec 14, 2021
Merged

Sandbox233 - fixed #223 #245

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
410312f
Added sandbox by default, that can be toggled
Dec 14, 2021
9f6a914
Added docstrings for verify formats and sandbox
Dec 14, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 21 additions & 6 deletions pypandoc/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ def convert(source, to, format=None, extra_args=(), encoding='utf-8',
:raises OSError: if pandoc is not found; make sure it has been installed and is available at
path.
"""
msg = ("Due to possible ambiguity, 'convert()' is deprecated. "
msg = ("Due to possible ambiguity, 'convert()' is deprecated and will be removed in pypandoc 1.8. "
"Use 'convert_file()' or 'convert_text()'.")
warnings.warn(msg, DeprecationWarning, stacklevel=2)

Expand All @@ -69,7 +69,7 @@ def convert(source, to, format=None, extra_args=(), encoding='utf-8',


def convert_text(source, to, format, extra_args=(), encoding='utf-8',
outputfile=None, filters=None, verify_format=True):
outputfile=None, filters=None, verify_format=True, sandbox=True):
"""Converts given `source` from `format` to `to`.

:param str source: Unicode string or bytes (see encoding)
Expand All @@ -89,6 +89,12 @@ def convert_text(source, to, format, extra_args=(), encoding='utf-8',

:param list filters: pandoc filters e.g. filters=['pandoc-citeproc']

:param bool verify_format: Verify from and to format before converting. Should only be set False when confident of the formats and performance is an issue.
(Default value = True)

:param bool sandbox: Run pandoc in pandocs own sandbox mode, limiting IO operations in readers and writers to reading the files specified on the command line. Anyone using pandoc on untrusted user input should use this option.
(Default value = True)

:returns: converted string (unicode) or an empty string if an outputfile was given
:rtype: unicode

Expand All @@ -99,11 +105,11 @@ def convert_text(source, to, format, extra_args=(), encoding='utf-8',
source = _as_unicode(source, encoding)
return _convert_input(source, format, 'string', to, extra_args=extra_args,
outputfile=outputfile, filters=filters,
verify_format=verify_format)
verify_format=verify_format, sandbox=sandbox)


def convert_file(source_file, to, format=None, extra_args=(), encoding='utf-8',
outputfile=None, filters=None, verify_format=True):
outputfile=None, filters=None, verify_format=True, sandbox=True):
"""Converts given `source` from `format` to `to`.

:param str source_file: file path (see encoding)
Expand All @@ -125,6 +131,12 @@ def convert_file(source_file, to, format=None, extra_args=(), encoding='utf-8',

:param list filters: pandoc filters e.g. filters=['pandoc-citeproc']

:param bool verify_format: Verify from and to format before converting. Should only be set False when confident of the formats and performance is an issue.
(Default value = True)

:param bool sandbox: Run pandoc in pandocs own sandbox mode, limiting IO operations in readers and writers to reading the files specified on the command line. Anyone using pandoc on untrusted user input should use this option.
(Default value = True)

:returns: converted string (unicode) or an empty string if an outputfile was given
:rtype: unicode

Expand All @@ -137,7 +149,7 @@ def convert_file(source_file, to, format=None, extra_args=(), encoding='utf-8',
format = _identify_format_from_path(source_file, format)
return _convert_input(source_file, format, 'path', to, extra_args=extra_args,
outputfile=outputfile, filters=filters,
verify_format=verify_format)
verify_format=verify_format, sandbox=sandbox)


def _identify_path(source):
Expand Down Expand Up @@ -256,7 +268,7 @@ def _validate_formats(format, to, outputfile):


def _convert_input(source, format, input_type, to, extra_args=(), outputfile=None,
filters=None, verify_format=True):
filters=None, verify_format=True, sandbox=True):
_ensure_pandoc_path()

if verify_format:
Expand All @@ -276,6 +288,9 @@ def _convert_input(source, format, input_type, to, extra_args=(), outputfile=Non
if outputfile:
args.append("--output=" + outputfile)

if sandbox:
args.append("--sandbox")

args.extend(extra_args)

# adds the proper filter syntax for each item in the filters list
Expand Down