From 82f2ea6a895b09c2ba9de821bc670824e7c9cd73 Mon Sep 17 00:00:00 2001
From: Crozzers <captaincrozzers@gmail.com>
Date: Wed, 3 Jan 2024 14:49:33 +0000
Subject: [PATCH] Fix incomplete comments in safe mode not being escaped

---
 lib/markdown2.py                          | 2 +-
 test/tm-cases/basic_safe_mode_escape.html | 2 ++
 test/tm-cases/basic_safe_mode_escape.text | 3 +++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/markdown2.py b/lib/markdown2.py
index d92b77b6..0bc16a35 100755
--- a/lib/markdown2.py
+++ b/lib/markdown2.py
@@ -2639,7 +2639,7 @@ def _encode_amps_and_angles(self, text):
         text = self._naked_gt_re.sub('&gt;', text)
         return text
 
-    _incomplete_tags_re = re.compile(r"<(/?\w+?(?!\w)\s*?.+?[\s/]+?)")
+    _incomplete_tags_re = re.compile(r"<(!--|/?\w+?(?!\w)\s*?.+?[\s/]+?)")
 
     def _encode_incomplete_tags(self, text):
         if self.safe_mode not in ("replace", "escape"):
diff --git a/test/tm-cases/basic_safe_mode_escape.html b/test/tm-cases/basic_safe_mode_escape.html
index af24510c..cd4f04cc 100644
--- a/test/tm-cases/basic_safe_mode_escape.html
+++ b/test/tm-cases/basic_safe_mode_escape.html
@@ -3,3 +3,5 @@
 <p>&lt;div&gt;yowzer!&lt;/div&gt;</p>
 
 <p>blah</p>
+
+<p><em>foo</em> &lt;!-- <em>bar</em></p>
diff --git a/test/tm-cases/basic_safe_mode_escape.text b/test/tm-cases/basic_safe_mode_escape.text
index ee042312..baf11d10 100644
--- a/test/tm-cases/basic_safe_mode_escape.text
+++ b/test/tm-cases/basic_safe_mode_escape.text
@@ -3,3 +3,6 @@ blah <img src="dangerous"> blah
 <div>yowzer!</div>
 
 blah
+
+
+*foo* <!-- *bar*