
Implement 3-step compilation to avoid need for -shell-escape

Open gadmm opened this issue 7 years ago • 2 comments

Calling latex with the -shell-escape option creates a security hazard. With caching, it is now possible to input pre-processed code listings on platforms that forbid the -shell-escape option. I wonder whether the caching mechanism can be extended into a 3-step compilation process (as with pygmentex.sty) where:

  1. minted.sty outputs to a file the options for calling Pygments,
  2. the user calls Pygments themselves,
  3. minted.sty inputs the generated content using the caching mechanism.

gadmm, Jun 20 '17 22:06

Having a 3-step compile process is definitely possible and is something I've considered in the past. I've implemented a 3-step process previously in pythontex.

This probably isn't something I could add quickly due to other programming commitments, but sometime within a few months might be doable.

For future reference, or if you want more details about options, there are a few different ways a 3-step compile could be implemented.

  1. Add an option that redefines \ShellEscape to save the pygmentize command to a temp file \minted@jobname<counter>.cmd, while changing the file in which the code is saved from \minted@jobname.pyg to \minted@jobname<counter>.pyg. This would produce 2 temp files per minted command/environment. Then Pygments could be used to parse the command (probably using main() in cmdline.py), and highlight the code in the temp file, saving the result in something like \minted@jobname<counter>.pygtex. This approach would involve fewer changes to the minted package, but would involve a lot of temp files (around 3 times more than current caching).
  2. With somewhat more changes to minted, it would be possible to save all settings and code to a single data file, which could then be parsed by Python into individual code chunks and then highlighted. Depending on what's desired, it would be possible to put all highlighted results in a single file, rather than using one file per code chunk like the current caching approach.
  3. Another option which I've considered is a pythontex add-on that adds full compatibility for minted commands and environments. pythontex provides commands and environments that are very similar to those in minted, so it would be possible to make them compatible. The disadvantage is that this would need a way to disable pythontex's code execution capabilities, which might complicate things when pythontex is used for its normal purposes.

gpoore, Jun 23 '17 18:06
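An added sketch (not code from minted or from either commenter) of the user-run middle step under option 1 above: each saved command is vetted before anything is executed, so a document can only trigger `pygmentize` on files inside the job directory. It assumes each `.cmd` file holds one `pygmentize` command line and that the flag allowlist below is sufficient; the function names are hypothetical, and the proposed feature was never implemented.

```python
import shlex
import subprocess
from pathlib import Path

# Assumed allowlist of pygmentize options that take a value. Anything else is
# refused, including -x, which makes pygmentize load lexer code from a file.
FLAGS_WITH_VALUE = {"-l", "-f", "-O", "-P", "-F", "-o"}


def confined(path_arg, workdir):
    """Resolve path_arg under workdir; reject anything that escapes it."""
    root = Path(workdir).resolve()
    target = (root / path_arg).resolve()
    if target != root and root not in target.parents:
        raise ValueError(f"path escapes job directory: {path_arg}")
    return target


def validate_cmd(line, workdir):
    """Turn one saved command line into a vetted argv list, or raise ValueError."""
    argv = shlex.split(line)  # tokenised here, never handed to a shell
    if not argv or argv[0] != "pygmentize":
        raise ValueError("only pygmentize may be run")
    out, inputs, i = None, [], 1
    while i < len(argv):
        arg = argv[i]
        if arg in FLAGS_WITH_VALUE:
            if i + 1 >= len(argv):
                raise ValueError(f"{arg} needs a value")
            if arg == "-o":
                out = confined(argv[i + 1], workdir)
            i += 2
        elif arg.startswith("-"):
            raise ValueError(f"option not allowed: {arg}")
        else:
            inputs.append(confined(arg, workdir))
            i += 1
    if out is None or out.suffix != ".pygtex":
        raise ValueError("output must be a .pygtex file")
    if len(inputs) != 1 or inputs[0].suffix != ".pyg":
        raise ValueError("exactly one .pyg input expected")
    return argv


def highlight_job(workdir):
    """Step 2 of the 3-step build: run every vetted *.cmd file in workdir."""
    for cmd_file in sorted(Path(workdir).glob("*.cmd")):
        argv = validate_cmd(cmd_file.read_text(encoding="utf-8"), workdir)
        subprocess.run(argv, cwd=workdir, check=True)  # argv list, shell=False
```
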

Update: A 3-step compilation to avoid -shell-escape is probably not going to happen. However, minted version 3.0 is now under development, thanks to a grant from the TeX Users Group. It will replace pygmentize with a new Python executable that is designed to be compatible with restricted shell escape (no -shell-escape so the standard security issues are eliminated). Initial beta releases of minted version 3.0 are expected by early 2024.

gpoore, Sep 12 '23 18:09