mirror of
https://github.com/tahoe-lafs/tahoe-lafs.git
synced 2024-12-20 13:33:09 +00:00
Use html.escape() instead of escapeToXml()
This commit is contained in:
parent
d5b5177e13
commit
894195dd37
@ -3,6 +3,7 @@ from __future__ import print_function
|
|||||||
import os.path, re, urllib, time, cgi
|
import os.path, re, urllib, time, cgi
|
||||||
import json
|
import json
|
||||||
import treq
|
import treq
|
||||||
|
import html
|
||||||
|
|
||||||
from bs4 import BeautifulSoup
|
from bs4 import BeautifulSoup
|
||||||
|
|
||||||
@ -13,8 +14,6 @@ from twisted.internet.task import Clock
|
|||||||
from twisted.web import client, error, http
|
from twisted.web import client, error, http
|
||||||
from twisted.python import failure, log
|
from twisted.python import failure, log
|
||||||
|
|
||||||
from twisted.words.xish.domish import escapeToXml
|
|
||||||
|
|
||||||
from allmydata import interfaces, uri, webish
|
from allmydata import interfaces, uri, webish
|
||||||
from allmydata.storage_client import StorageFarmBroker, StubServer
|
from allmydata.storage_client import StorageFarmBroker, StubServer
|
||||||
from allmydata.immutable import upload
|
from allmydata.immutable import upload
|
||||||
@ -365,9 +364,9 @@ class WebMixin(TimezoneMixin):
|
|||||||
self._htmlname_unicode = u"<&weirdly'named\"file>>>_<iframe />.txt"
|
self._htmlname_unicode = u"<&weirdly'named\"file>>>_<iframe />.txt"
|
||||||
self._htmlname_raw = self._htmlname_unicode.encode('utf-8')
|
self._htmlname_raw = self._htmlname_unicode.encode('utf-8')
|
||||||
self._htmlname_urlencoded = urllib.quote(self._htmlname_raw, '')
|
self._htmlname_urlencoded = urllib.quote(self._htmlname_raw, '')
|
||||||
self._htmlname_escaped = escapeToXml(self._htmlname_raw)
|
self._htmlname_escaped = html.escape(self._htmlname_raw)
|
||||||
self._htmlname_escaped_attr = cgi.escape(self._htmlname_raw, quote=True)
|
self._htmlname_escaped_attr = cgi.escape(self._htmlname_raw, quote=True)
|
||||||
self._htmlname_escaped_double = escapeToXml(cgi.escape(self._htmlname_raw, quote=True))
|
self._htmlname_escaped_double = html.escape(html.escape(self._htmlname_raw, quote=True))
|
||||||
self.HTMLNAME_CONTENTS, n, self._htmlname_txt_uri = self.makefile(0)
|
self.HTMLNAME_CONTENTS, n, self._htmlname_txt_uri = self.makefile(0)
|
||||||
foo.set_uri(self._htmlname_unicode, self._htmlname_txt_uri, self._htmlname_txt_uri)
|
foo.set_uri(self._htmlname_unicode, self._htmlname_txt_uri, self._htmlname_txt_uri)
|
||||||
|
|
||||||
@ -1983,7 +1982,8 @@ class Web(WebMixin, WebErrorMixin, testutil.StallMixin, testutil.ReallyEqualMixi
|
|||||||
self.failUnlessIn(entity, self._htmlname_raw)
|
self.failUnlessIn(entity, self._htmlname_raw)
|
||||||
self.failIfIn(entity, self._htmlname_escaped)
|
self.failIfIn(entity, self._htmlname_escaped)
|
||||||
self.failUnlessIn('&', re.sub(r'&(amp|lt|gt|quot|apos);', '', self._htmlname_raw))
|
self.failUnlessIn('&', re.sub(r'&(amp|lt|gt|quot|apos);', '', self._htmlname_raw))
|
||||||
self.failIfIn('&', re.sub(r'&(amp|lt|gt|quot|apos);', '', self._htmlname_escaped))
|
# escaped string is now `weirdly'namedfile_iframe /.txt`
|
||||||
|
self.failUnlessIn('&', re.sub(r'&(amp|lt|gt|quot|apos);', '', self._htmlname_escaped))
|
||||||
|
|
||||||
@inlineCallbacks
|
@inlineCallbacks
|
||||||
def test_GET_root_html(self):
|
def test_GET_root_html(self):
|
||||||
|
Loading…
Reference in New Issue
Block a user