Fix: Check divid against spec.

Author: bjones1

runestone/common/runestonedirective.py

@@ -25,9 +25,10 @@
 from docutils.parsers.rst import Directive
 from docutils.utils import get_source_line
 from docutils.statemachine import ViewList
-
 from sphinx import application
 from sphinx.errors import ExtensionError
+from sphinx.util import logging
+
 
 UNNUMBERED_DIRECTIVES = [
     #    "activecode",
@@ -44,6 +45,8 @@
     "disqus",
 ]
 
+logger = logging.getLogger(__name__)
+
 
 # Provide a class which all Runestone nodes will inherit from.
 class RunestoneNode(nodes.Node):
@@ -265,6 +268,29 @@ def __init__(self, *args, **kwargs):
 
         self.explain_text = []
 
+    # Check for a `valid HTML5 divid <https://html.spec.whatwg.org/multipage/dom.html#the-id-attribute>`_.
+    def validate_divid(self, divid):
+        if (
+            # Per the spec, a divid must not contain `whitespace <https://infra.spec.whatwg.org/#ascii-whitespace>`_ (see also `Python string escape sequences <https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals>`_).
+            "\t" in divid
+            or "\n" in divid
+            or "\f" in divid
+            or "\r" in divid
+            or " " in divid
+            or
+            # Also avoid characters that need escaping for CSS to avoid problems there.
+            "." in divid
+            or "#" in divid
+            or ":" in divid
+            or
+            # It must also be at least one character long. This is probably taken care of by the existence of ``self.arguments[0]``, but here's a bit of paranoia:
+            len(divid) == 0
+        ):
+            logger.error(
+                f"Invalid divid '{divid}'.",
+                location=self.state_machine.get_source_and_line(self.lineno),
+            )
+
 
 # This is a base class for all Runestone directives which require a divid as their first parameter.
 class RunestoneIdDirective(RunestoneDirective):
@@ -318,9 +344,10 @@ def run(self):
         # Make sure the runestone directive at least requires an ID.
         assert self.required_arguments >= 1
         if "divid" not in self.options:
-            id_ = self.options["divid"] = self.arguments[0]
+            divid = self.options["divid"] = self.arguments[0]
         else:
-            id_ = self.options["divid"]
+            divid = self.options["divid"]
+        self.validate_divid(divid)
 
         self.options["qnumber"] = self.getNumber()
         # print(f"{id_} is number {self.options['qnumber']}")
@@ -331,19 +358,19 @@ def run(self):
         id_to_page = runestone_data.id_to_page
         page_to_id = runestone_data.page_to_id
         # See if this ID already exists.
-        if id_ in id_to_page:
-            page = id_to_page[id_]
+        if divid in id_to_page:
+            page = id_to_page[divid]
             # If it's not simply an update to an existing ID, complain.
             if page.docname != env.docname or page.lineno != self.lineno:
                 raise self.error(
                     "Duplicate ID -- see {}, line {}".format(page.docname, page.lineno)
                 )
             # Make sure our data structure is consistent.
-            assert id_ in page_to_id[page.docname]
+            assert divid in page_to_id[page.docname]
         else:
             # Add a new entry.
-            id_to_page[id_] = Struct(docname=env.docname, lineno=self.lineno)
-            page_to_id[env.docname].add(id_)
+            id_to_page[divid] = Struct(docname=env.docname, lineno=self.lineno)
+            page_to_id[env.docname].add(divid)
 
         self.in_exam = getattr(env, "in_timed", "")