Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
Zope
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
Zope
Commits
78326867
Commit
78326867
authored
Oct 01, 2003
by
Evan Simpson
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Completely fix bug #721 by using attrEscape instead of cgi.escape for
dynamic attribute values as well as static values.
parent
335cac9a
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
7 additions
and
4 deletions
+7
-4
doc/CHANGES.txt
doc/CHANGES.txt
+3
-0
lib/python/TAL/TALInterpreter.py
lib/python/TAL/TALInterpreter.py
+3
-3
lib/python/TAL/tests/test_talinterpreter.py
lib/python/TAL/tests/test_talinterpreter.py
+1
-1
No files found.
doc/CHANGES.txt
View file @
78326867
...
@@ -8,6 +8,9 @@ Zope Changes
...
@@ -8,6 +8,9 @@ Zope Changes
Bugs fixed
Bugs fixed
- Collector #721: Entities in tal:attribute values weren't
properly escaped.
- Collector #851: Traversable.py: A bare try..except shadowed
- Collector #851: Traversable.py: A bare try..except shadowed
conflict errors
conflict errors
...
...
lib/python/TAL/TALInterpreter.py
View file @
78326867
...
@@ -24,7 +24,7 @@ from cgi import escape
...
@@ -24,7 +24,7 @@ from cgi import escape
from
StringIO
import
StringIO
from
StringIO
import
StringIO
from
DocumentTemplate.DT_Util
import
ustr
from
DocumentTemplate.DT_Util
import
ustr
from
TALDefs
import
TAL_VERSION
,
TALError
,
METALError
from
TALDefs
import
TAL_VERSION
,
TALError
,
METALError
,
attrEscape
from
TALDefs
import
isCurrentVersion
,
getProgramVersion
,
getProgramMode
from
TALDefs
import
isCurrentVersion
,
getProgramVersion
,
getProgramMode
from
TALGenerator
import
TALGenerator
from
TALGenerator
import
TALGenerator
from
TranslationContext
import
TranslationContext
from
TranslationContext
import
TranslationContext
...
@@ -336,7 +336,7 @@ class TALInterpreter:
...
@@ -336,7 +336,7 @@ class TALInterpreter:
if
value
is
None
:
if
value
is
None
:
value
=
name
value
=
name
else
:
else
:
value
=
'%s="%s"'
%
(
name
,
escape
(
value
,
1
))
value
=
'%s="%s"'
%
(
name
,
attrEscape
(
value
))
return
1
,
name
,
value
return
1
,
name
,
value
def
attrAction_tal
(
self
,
item
):
def
attrAction_tal
(
self
,
item
):
...
@@ -369,7 +369,7 @@ class TALInterpreter:
...
@@ -369,7 +369,7 @@ class TALInterpreter:
value
=
translated
value
=
translated
if
value
is
None
:
if
value
is
None
:
value
=
name
value
=
name
value
=
'%s="%s"'
%
(
name
,
escape
(
value
,
1
))
value
=
'%s="%s"'
%
(
name
,
attrEscape
(
value
))
return
ok
,
name
,
value
return
ok
,
name
,
value
bytecode_handlers
[
"<attrAction>"
]
=
attrAction
bytecode_handlers
[
"<attrAction>"
]
=
attrAction
...
...
lib/python/TAL/tests/test_talinterpreter.py
View file @
78326867
...
@@ -221,7 +221,7 @@ class OutputPresentationTestCase(TestCaseBase):
...
@@ -221,7 +221,7 @@ class OutputPresentationTestCase(TestCaseBase):
self
.
compare
(
INPUT
,
EXPECTED
)
self
.
compare
(
INPUT
,
EXPECTED
)
def
check_entities
(
self
):
def
check_entities
(
self
):
INPUT
=
(
'<img tal:
define="foo nothing
" '
INPUT
=
(
'<img tal:
attributes="alt default
" '
'alt="&a;  
 &a - &; �a; <>" />'
)
'alt="&a;  
 &a - &; �a; <>" />'
)
EXPECTED
=
(
'<img alt="&a;  
 '
EXPECTED
=
(
'<img alt="&a;  
 '
'&a &#45 &; &#0a; <>" />
\
n
'
)
'&a &#45 &; &#0a; <>" />
\
n
'
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment