Fix Issue316 - set sandbox to be false by default (#322)

JessicaTegner · web-flow · commit d97d48a996fb · 2023-02-28T09:26:49.000+01:00
diff --git a/pypandoc/__init__.py b/pypandoc/__init__.py
@@ -55,7 +55,7 @@
 
 def convert_text(source:str, to:str, format:str, extra_args:Iterable=(), encoding:str='utf-8',
                  outputfile:Union[None, str, Path]=None, filters:Union[Iterable, None]=None, verify_format:bool=True,
-                 sandbox:bool=True, cworkdir:Union[str, None]=None) -> str:
+                 sandbox:bool=False, cworkdir:Union[str, None]=None) -> str:
     """Converts given `source` from `format` to `to`.
 
     :param str source: Unicode string or bytes (see encoding)
@@ -80,7 +80,7 @@ def convert_text(source:str, to:str, format:str, extra_args:Iterable=(), encodin
             (Default value = True)
 
     :param bool sandbox: Run pandoc in pandocs own sandbox mode, limiting IO operations in readers and writers to reading the files specified on the command line. Anyone using pandoc on untrusted user input should use this option. Note: This only does something, on pandoc >= 2.15
-            (Default value = True)
+            (Default value = False)
 
     :returns: converted string (unicode) or an empty string if an outputfile was given
     :rtype: unicode
@@ -98,7 +98,7 @@ def convert_text(source:str, to:str, format:str, extra_args:Iterable=(), encodin
 
 def convert_file(source_file:Union[list, str, Path, Generator], to:str, format:Union[str, None]=None,
                  extra_args:Iterable=(), encoding:str='utf-8', outputfile:Union[None, str, Path]=None,
-                 filters:Union[Iterable, None]=None, verify_format:bool=True, sandbox:bool=True,
+                 filters:Union[Iterable, None]=None, verify_format:bool=True, sandbox:bool=False,
                  cworkdir:Union[str, None]=None) -> str:
     """Converts given `source` from `format` to `to`.
 
@@ -130,7 +130,7 @@ def convert_file(source_file:Union[list, str, Path, Generator], to:str, format:U
             (Default value = True)
 
     :param bool sandbox: Run pandoc in pandocs own sandbox mode, limiting IO operations in readers and writers to reading the files specified on the command line. Anyone using pandoc on untrusted user input should use this option. Note: This only does something, on pandoc >= 2.15
-            (Default value = True)
+            (Default value = False)
 
     :returns: converted string (unicode) or an empty string if an outputfile was given
     :rtype: unicode
@@ -318,7 +318,7 @@ def _validate_formats(format, to, outputfile):
 
 def _convert_input(source, format, input_type, to, extra_args=(),
                    outputfile=None, filters=None, verify_format=True,
-                   sandbox=True, cworkdir=None):
+                   sandbox=False, cworkdir=None):
     
     _check_log_handler()
     _ensure_pandoc_path()
diff --git a/setup_binary.py b/setup_binary.py
@@ -35,7 +35,7 @@ def finalize_options(self):
     def run(self):
         from pypandoc.pandoc_download import download_pandoc
         targetfolder = os.path.join(os.path.dirname(os.path.realpath(__file__)), "pypandoc", "files")
-        download_pandoc(targetfolder=targetfolder)
+        download_pandoc(targetfolder=targetfolder, version="2.19.2")
 
 
 cmd_classes = {'download_pandoc': DownloadPandocCommand}
diff --git a/test_data/index.html b/test_data/index.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <title>Test Title</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+
+<body>
+
+  <h1 class="section">Test Heading</h1>
+
+  <div class="row">
+    <img src="test.png" alt="test alt" />
+  </div>
+
+</body>
+
+</html>
diff --git a/test_data/test.docx b/test_data/test.docx
diff --git a/test_data/test.png b/test_data/test.png
diff --git a/tests.py b/tests.py
@@ -232,6 +232,21 @@ def test_basic_conversion_from_http_url(self):
         received = pypandoc.convert_file(url, 'html')
         assert "GPL2 license" in received
 
+    def test_conversion_with_data_files(self):
+        # remove our test.docx file from our test_data dir if it already exosts
+        test_data_dir = os.path.join(os.path.dirname(__file__), 'test_data')
+        test_docx_file = os.path.join(test_data_dir, 'test.docx')
+        if os.path.exists(test_docx_file):
+            os.remove(test_docx_file)
+        result = pypandoc.convert_file(
+    os.path.join(test_data_dir, 'index.html'),
+    to='docx',
+    format='html',
+    outputfile=test_docx_file,
+    sandbox=True,
+)
+        print(result)
+
     def test_convert_with_custom_writer(self):
         lua_file_content = self.create_sample_lua()
         with closed_tempfile('.md', text='# title\n') as file_name:
@@ -452,14 +467,9 @@ def test_conversion_stderr(self):
                 output = re.sub(r'\r', '', output)
                 output = output.replace("'missing.png'",
                                         "missing.png")
-                expected = (u'[WARNING] Could not fetch resource '
-                            u'missing.png: PandocResourceNotFound '
-                            u'"missing.png"\n'
-                            u'[WARNING] Could not fetch resource '
-                            u'missing.png: PandocResourceNotFound '
-                            u'"missing.png"\n\n')
-                self.assertEqual(expected, output)
-
+                output = output.lower()
+                print(output)
+                assert "[warning] could not fetch resource missing.png" in output
 
     def test_conversion_stderr_nullhandler(self):
         
