From 5f06d724bc05580e7f203db2d4a4905fc1127f98 Mon Sep 17 00:00:00 2001
From: Hsiaoming Yang
Date: Tue, 21 Nov 2017 00:15:09 +0900
Subject: [PATCH] Fix CVE-2017-16876
---
 mistune.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/mistune.py b/mistune.py
index d6ecf7e..5b05fcb 100644
--- a/mistune.py
+++ b/mistune.py
@@ -11,7 +11,7 @@ import re
 import inspect
-__version__ = '0.8'
+__version__ = '0.8.1'
 __author__ = 'Hsiaoming Yang '
 __all__ = [
 'BlockGrammar', 'BlockLexer',
@@ -48,7 +48,8 @@ def _pure_pattern(regex):
 def _keyify(key):
- return _key_pattern.sub(' ', key.lower())
+ key = escape(key.lower(), quote=True)
+ return _key_pattern.sub(' ', key)
 def escape(text, quote=False, smart_amp=True):
@@ -445,7 +446,8 @@ class InlineGrammar(object):
 inline_html = re.compile(
 r'^(?:%s|%s|%s)' % (
 r'',
- r'<(\w+%s)((?:%s)*?)\s*>([\s\S]*?)<\/\1>' % (_valid_end, _valid_attr),
+ r'<(\w+%s)((?:%s)*?)\s*>([\s\S]*?)<\/\1>' % (
+ _valid_end, _valid_attr),
 r'<\w+%s(?:%s)*?\s*\/?>' % (_valid_end, _valid_attr),
 )
 )
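Review bot: The `_keyify` hunk ships the CVE-2017-16876 fix without a regression test, since the diffstat shows only mistune.py changed; a test that defines a link reference whose label contains `<`, `>` or `"` and asserts the rendered output holds only their escaped forms would catch a future removal of the `escape(...)` call. The key is now built with `escape`'s defaults (`smart_amp=True` is not overridden), so the lookup key also depends on how `escape` treats `&`, which is presumably harmless only because definitions and references both pass through `_keyify`; that invariant is worth stating in a comment such as `# escape first so a reference key never carries raw <, > or " (CVE-2017-16876)`. `_keyify` is fully visible in the hunk, but `escape` is defined after it and its body lies outside the hunk.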