From 7f58bc23c3aa34474f07367b029fe5986d690b4f Mon Sep 17 00:00:00 2001
From: Yann Rabiller <yann.rabiller@fortrabbit.com>
Date: Fri, 17 Jun 2022 00:40:44 +0200
Subject: [PATCH] Move html_escape_url to utils

---
 lib/markdown2.py | 20 +++++---------------
 lib/utils.py     | 12 ++++++++++++
 2 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/lib/markdown2.py b/lib/markdown2.py
index f55d84f0..2a3f364f 100755
--- a/lib/markdown2.py
+++ b/lib/markdown2.py
@@ -124,6 +124,7 @@
     hr_tag_re_from_tab_width,
     xml_escape_attr,
     xml_encode_email_char_at_random,
+    html_escape_url,
 )
 
 # ---- globals
@@ -1511,7 +1512,7 @@ def _do_links(self, text):
                     if is_img:
                         img_class_str = self._html_class_str_from_tag("img")
                         result = '<img src="%s" alt="%s"%s%s%s' \
-                            % (_html_escape_url(url, safe_mode=self.safe_mode),
+                            % (html_escape_url(url, safe_mode=self.safe_mode),
                                xml_escape_attr(_AMPERSAND_RE, link_text),
                                title_str,
                                img_class_str,
@@ -1525,7 +1526,7 @@ def _do_links(self, text):
                         if self.safe_mode and not safe_link:
                             result_head = '<a href="#"%s>' % (title_str)
                         else:
-                            result_head = '<a href="%s"%s>' % (_html_escape_url(url, safe_mode=self.safe_mode), title_str)
+                            result_head = '<a href="%s"%s>' % (html_escape_url(url, safe_mode=self.safe_mode), title_str)
                         result = '%s%s</a>' % (result_head, link_text)
                         if "smarty-pants" in self.extras:
                             result = result.replace('"', self._escape_table['"'])
@@ -1567,7 +1568,7 @@ def _do_links(self, text):
                         if is_img:
                             img_class_str = self._html_class_str_from_tag("img")
                             result = '<img src="%s" alt="%s"%s%s%s' \
-                                % (_html_escape_url(url, safe_mode=self.safe_mode),
+                                % (html_escape_url(url, safe_mode=self.safe_mode),
                                    xml_escape_attr(_AMPERSAND_RE, link_text),
                                    title_str,
                                    img_class_str,
@@ -1580,7 +1581,7 @@ def _do_links(self, text):
                             if self.safe_mode and not self._safe_protocols.match(url):
                                 result_head = '<a href="#"%s>' % (title_str)
                             else:
-                                result_head = '<a href="%s"%s>' % (_html_escape_url(url, safe_mode=self.safe_mode), title_str)
+                                result_head = '<a href="%s"%s>' % (html_escape_url(url, safe_mode=self.safe_mode), title_str)
                             result = '%s%s</a>' % (result_head, link_text)
                             if "smarty-pants" in self.extras:
                                 result = result.replace('"', self._escape_table['"'])
@@ -2483,17 +2484,6 @@ class UnicodeWithAttrs(str):
     toc_html = None
 
 
-def _html_escape_url(attr, safe_mode=False):
-    """Replace special characters that are potentially malicious in url string."""
-    escaped = (attr
-        .replace('"', '&quot;')
-        .replace('<', '&lt;')
-        .replace('>', '&gt;'))
-    if safe_mode:
-        escaped = escaped.replace('+', ' ')
-        escaped = escaped.replace("'", "&#39;")
-    return escaped
-
 
 # ---- mainline
 
diff --git a/lib/utils.py b/lib/utils.py
index 18293824..ce0087db 100644
--- a/lib/utils.py
+++ b/lib/utils.py
@@ -307,3 +307,15 @@ def xml_encode_email_char_at_random(ch):
         return "&#%s;" % hex(ord(ch))[1:]
     else:
         return "&#%s;" % ord(ch)
+
+
+def html_escape_url(attr, safe_mode=False):
+    """Replace special characters that are potentially malicious in url string."""
+    escaped = (attr
+        .replace('"', '&quot;')
+        .replace('<', '&lt;')
+        .replace('>', '&gt;'))
+    if safe_mode:
+        escaped = escaped.replace('+', ' ')
+        escaped = escaped.replace("'", "&#39;")
+    return escaped
\ No newline at end of file