RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://github.com/python/cpython/commit/1698cacfb924d1df452e78d11a4bf81ae7777389 below:

Escape the server_title (GH-16373) (GH-16441) · python/cpython@1698cac · GitHub

File tree Expand file treeCollapse file tree 3 files changed

+21

-1

lines changed

Filter options

Misc/NEWS.d/next/Security

Expand file treeCollapse file tree 3 files changed

+21

-1

lines changed Original file line number Diff line number Diff line change


 @@ -1,5 +1,6 @@

1 1


 from xmlrpc.server import DocXMLRPCServer

2 2


 import http.client

3

+
 import re

3 4


 import sys

4 5


 from test import support

5 6


 threading = support.import_module('threading')


 @@ -193,6 +194,21 @@ def test_annotations(self):

193 194


 b'method_annotation</strong></a>(x: bytes)</dt></dl>'),

194 195


 response.read())

195 196 197

+
 def test_server_title_escape(self):

198

+
 # bpo-38243: Ensure that the server title and documentation

199

+
 # are escaped for HTML.

200

+
 self.serv.set_server_title('test_title<script>')

201

+
 self.serv.set_server_documentation('test_documentation<script>')

202

+
 self.assertEqual('test_title<script>', self.serv.server_title)

203

+
 self.assertEqual('test_documentation<script>',

204

+
 self.serv.server_documentation)

205 + 206

+
 generated = self.serv.generate_html_documentation()

207

+
 title = re.search(r'<title>(.+?)</title>', generated).group()

208

+
 documentation = re.search(r'<p><tt>(.+?)</tt></p>', generated).group()

209

+
 self.assertEqual('<title>Python: test_title&lt;script&gt;</title>', title)

210

+
 self.assertEqual('<p><tt>test_documentation&lt;script&gt;</tt></p>', documentation)

211 + 196 212 197 213


 if __name__ == '__main__':

198 214


 unittest.main()

Original file line number Diff line number Diff line change


 @@ -106,6 +106,7 @@ def export_add(self, x, y):

106 106 107 107


 from xmlrpc.client import Fault, dumps, loads, gzip_encode, gzip_decode

108 108


 from http.server import BaseHTTPRequestHandler

109

+
 import html

109 110


 import http.server

110 111


 import socketserver

111 112


 import sys


 @@ -904,7 +905,7 @@ def generate_html_documentation(self):

904 905


 methods

905 906

906 907 907

-
 return documenter.page(self.server_title, documentation)

908

+
 return documenter.page(html.escape(self.server_title), documentation)

908 909 909 910


 class DocXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):

910 911


 """XML-RPC and documentation request handler class.

Original file line number Diff line number Diff line change


 @@ -0,0 +1,3 @@

1

+
 Escape the server title of :class:`xmlrpc.server.DocXMLRPCServer`

2

+
 when rendering the document page as HTML.

3

+
 (Contributed by Dong-hee Na in :issue:`38243`.)

You can’t perform that action at this time.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4