authorW. Trevor King <wking@drexel.edu>2009-06-22 10:39:05 -0400
committerW. Trevor King <wking@drexel.edu>2009-06-22 10:39:05 -0400
commitcabb531e2300c5643447ccd1ffd311ee5690773a (patch)
tree37c0a4144c302bba0a885820388db7ef1f96036c
parentfb342df1b66897ab17377d6e923049e292149683 (diff)
downloadbugseverywhere-cabb531e2300c5643447ccd1ffd311ee5690773a.tar.gz
Escape XML strings.
Since <creator>John Doe <jdoe@example.com></creator> is not valid XML.
-rw-r--r--becommands/show.py9
-rw-r--r--libbe/bug.py3
-rw-r--r--libbe/comment.py22
3 files changed, 17 insertions, 17 deletions
diff --git a/becommands/show.py b/becommands/show.py
index 7c48257..0ef09f3 100644
--- a/becommands/show.py
+++ b/becommands/show.py
@@ -35,17 +35,14 @@ def execute(args, test=False):
Created : Wed, 31 Dec 1969 19:00 (Thu, 01 Jan 1970 00:00:00 +0000)
Bug A
<BLANKLINE>
- >>> execute (["--xml", "a"], test=True)
+ >>> execute (["--xml", "a"], test=True) # doctest: +ELLIPSIS
<bug>
<uuid>a</uuid>
<short-name>a</short-name>
<severity>minor</severity>
<status>open</status>
- <assigned><class 'libbe.settings_object.EMPTY'></assigned>
- <target><class 'libbe.settings_object.EMPTY'></target>
- <reporter><class 'libbe.settings_object.EMPTY'></reporter>
- <creator>John Doe <jdoe@example.com></creator>
- <created>Wed, 31 Dec 1969 19:00 (Thu, 01 Jan 1970 00:00:00 +0000)</created>
+ <creator>John Doe &lt;jdoe@example.com&gt;</creator>
+ <created>...</created>
<summary>Bug A</summary>
</bug>
"""
diff --git a/libbe/bug.py b/libbe/bug.py
index 59b011b..0e54a1a 100644
--- a/libbe/bug.py
+++ b/libbe/bug.py
@@ -18,6 +18,7 @@ import os
import os.path
import errno
import time
+import xml.sax.saxutils
import doctest
from beuuid import uuid_gen
@@ -261,7 +262,7 @@ class Bug(settings_object.SavedSettingsObject):
ret = '<bug>\n'
for (k,v) in info:
if v is not settings_object.EMPTY:
- ret += ' <%s>%s</%s>\n' % (k,v,k)
+ ret += ' <%s>%s</%s>\n' % (k,xml.sax.saxutils.escape(v),k)
if show_comments == True:
comout = self.comment_root.xml_thread(auto_name_map=True,
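Review bot: The escaped line assumes every value that is not `settings_object.EMPTY` is a string, because `xml.sax.saxutils.escape(v)` calls string methods on `v` where the old `%s` formatting accepted any object. The parallel loop this commit adds in libbe/comment.py also skips `None`, so the guard here could match it: `if v not in [settings_object.EMPTY, None]:`. `info` is built above the hunk, so whether a `None` or non-string value can actually reach this line cannot be confirmed from here.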
diff --git a/libbe/comment.py b/libbe/comment.py
index 8d03a7b..d0fa5ee 100644
--- a/libbe/comment.py
+++ b/libbe/comment.py
@@ -19,6 +19,7 @@
import os
import os.path
import time
+import xml.sax.saxutils
import textwrap
import doctest
@@ -234,16 +235,17 @@ class Comment(Tree, settings_object.SavedSettingsObject):
"""
if shortname == None:
shortname = self.uuid
- lines = ["<comment>",
- " <uuid>%s</uuid>" % self.uuid,
- " <short-name>%s</short-name>" % (shortname,),]
- if self.in_reply_to != settings_object.EMPTY:
- lines.append(" <in-reply-to>%s</in-reply-to>" % self.in_reply_to)
- lines.extend([
- " <from>%s</from>" % self._setting_attr_string("From"),
- " <date>%s</date>" % self.time_string,
- " <body>%s</body>" % (self.body or "").rstrip('\n'),
- "</comment>\n"])
+ info = [("uuid", self.uuid),
+ ("short-name", shortname),
+ ("in-reply-to", self.in_reply_to),
+ ("from", self._setting_attr_string("From")),
+ ("date", self.time_string),
+ ("body", (self.body or "").rstrip('\n'))]
+ lines = ["<comment>"]
+ for (k,v) in info:
+ if v not in [settings_object.EMPTY, None]:
+ lines.append(' <%s>%s</%s>' % (k,xml.sax.saxutils.escape(v),k))
+ lines.append("</comment>")
istring = ' '*indent
sep = '\n' + istring
return istring + sep.join(lines).rstrip('\n')
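Review bot: No test in this commit exercises the new escaping of comment fields, although `body` and `from` are the free-text values most likely to contain `<`, `>` or `&`; judging by the diffstat, the only updated expectation is the `<creator>` line in becommands/show.py. A doctest with a constructed body such as `a < b & c`, expecting `<body>a &lt; b &amp; c</body>`, would pin the behaviour. `xml.sax.saxutils.escape` rewrites only `&`, `<` and `>`, so control characters that XML 1.0 forbids would still pass through into `<body>`; a comment above the loop such as `# escape() covers &, <, > only; control characters are not filtered` would tell whoever parses this output what to expect. The method's signature and docstring start above the hunk.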