minted
Implement 3-step compilation to avoid need for -shell-escape
Calling latex with the -shell-escape option creates a security hazard. With caching, it is now possible to input pre-processed code listings on platforms that forbid the -shell-escape option. I wonder whether the caching mechanism can be extended into a 3-step compilation process (as with pygmentex.sty) where:
- minted.sty outputs to a file the options for calling Pygments,
- the user calls Pygments themselves,
- minted.sty inputs the generated content using the caching mechanism.
Having a 3-step compile process is definitely possible and is something I've considered in the past. I've implemented a 3-step process previously in pythontex.
This probably isn't something I could add quickly due to other programming commitments, but sometime within a few months might be doable.
For future reference, or if you want more details about options, there are a few different ways a 3-step compile could be implemented.
- Add an option that redefines \ShellEscape to save the pygmentize command to a temp file \minted@jobname<counter>.cmd, while changing the file in which the code is saved from \minted@jobname.pyg to \minted@jobname<counter>.pyg. This would produce 2 temp files per minted command/environment. Then Pygments could be used to parse the command (probably using main() in cmdline.py), and highlight the code in the temp file, saving the result in something like \minted@jobname<counter>.pygtex. This approach would involve fewer changes to the minted package, but would involve a lot of temp files (around 3 times more than current caching).
- With somewhat more changes to minted, it would be possible to save all settings and code to a single data file, which could then be parsed by Python into individual code chunks and then highlighted. Depending on what's desired, it would be possible to put all highlighted results in a single file, rather than using one file per code chunk like the current caching approach.
- Another option which I've considered is a pythontex add-on that adds full compatibility for minted commands and environments. pythontex provides commands and environments that are very similar to those in minted, so it would be possible to make them compatible. The disadvantage is that this would need a way to disable pythontex's code execution capabilities, which might complicate things when pythontex is used for its normal purposes.
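An added illustration of the first option above (not minted's or the author's code): because the saved command file is written by the document being compiled, the manual Pygments step should check it against an allow-list instead of executing it as-is. The one-command-per-file layout, the `validate` helper and the allow-list are assumptions made for this example.

```python
import shlex
from pathlib import Path

# Assumption: each hypothetical <jobname><counter>.cmd file holds one pygmentize
# command line written by LaTeX, so its content is controlled by the document.
ALLOWED = {"-l", "-f", "-P", "-F", "-o"}  # pygmentize options that take a value

class RejectedCommand(ValueError):
    """The command file asks for something outside the allow-list."""

def _inside(workdir: Path, name: str, suffix: str) -> str:
    """Resolve name under workdir; refuse other suffixes and directory escapes."""
    root = workdir.resolve()
    target = (root / name).resolve()
    if target.suffix != suffix or not target.is_relative_to(root):
        raise RejectedCommand(f"unexpected file: {name}")
    return str(target)

def validate(cmdline: str, workdir: Path) -> list[str]:
    """Return an argv list for subprocess.run(argv); it is never given to a shell."""
    try:
        tokens = shlex.split(cmdline)
    except ValueError as exc:  # unbalanced quotes
        raise RejectedCommand(str(exc)) from exc
    if not tokens or tokens[0] != "pygmentize":
        raise RejectedCommand("only pygmentize may be invoked")
    argv, infile, i = ["pygmentize"], None, 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ALLOWED:
            if i + 1 == len(tokens):
                raise RejectedCommand(f"missing value for {tok}")
            value = tokens[i + 1]
            if tok == "-o":  # highlighted output stays next to the document
                value = _inside(workdir, value, ".pygtex")
            argv += [tok, value]
            i += 2
        elif tok.startswith("-"):
            # Includes -x, which makes pygmentize load lexer code from a file.
            raise RejectedCommand(f"option not allowed: {tok}")
        elif infile is None:
            infile = _inside(workdir, tok, ".pyg")
            i += 1
        else:
            raise RejectedCommand(f"unexpected extra argument: {tok}")
    if infile is None:
        raise RejectedCommand("no input file")
    return argv + [infile]
```

The returned list is meant to be run without a shell, so shell metacharacters in the command file are never interpreted.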
Update: A 3-step compilation to avoid -shell-escape is probably not going to happen. However, minted version 3.0 is now under development, thanks to a grant from the TeX Users Group. It will replace pygmentize with a new Python executable that is designed to be compatible with restricted shell escape (no -shell-escape, so the standard security issues are eliminated). Initial beta releases of minted version 3.0 are expected by early 2024.