fix: lock protect markdown rendering

The MarkdownRenderer is not thread-safe, see miyuchina/mistletoe#210 Fixes WEBLATE-1Q34
nijel · Dec 17, 2024 · d06096a · d06096a
1 parent 0ed89d2
commit d06096a
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/weblate/utils/markdown.py b/weblate/utils/markdown.py
@@ -4,6 +4,7 @@
 from __future__ import annotations
 
 import re
+import threading
 from functools import reduce
 
 import mistletoe
@@ -14,6 +15,7 @@
 from weblate.auth.models import User
 
 MENTION_RE = re.compile(r"(?<!\w)(@[\w.@+-]+)\b")
+MARKDOWN_LOCK = threading.Lock()
 
 
 def get_mention_users(text):
@@ -118,7 +120,7 @@ def check_url(self, url: str) -> bool:
         return bool(self._allowed_url_re.match(url))
 
 
-def render_markdown(text):
+def render_markdown(text: str) -> str:
     users = {u.username.lower(): u for u in get_mention_users(text)}
     parts = MENTION_RE.split(text)
     for pos, part in enumerate(parts):
@@ -131,5 +133,5 @@ def render_markdown(text):
                 f'**[{part}]({user.get_absolute_url()} "{user.get_visible_name()}")**'
             )
     text = "".join(parts)
-    with SaferWeblateHtmlRenderer() as renderer:
+    with MARKDOWN_LOCK, SaferWeblateHtmlRenderer() as renderer:
         return mark_safe(renderer.render(mistletoe.Document(text)))  # noqa: S308