From cabb531e2300c5643447ccd1ffd311ee5690773a Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Mon, 22 Jun 2009 10:39:05 -0400 Subject: [PATCH] Escape XML strings. Since John Doe is not valid XML. --- becommands/show.py | 9 +++------ libbe/bug.py | 3 ++- libbe/comment.py | 22 ++++++++++++---------- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/becommands/show.py b/becommands/show.py index 7c48257..0ef09f3 100644 --- a/becommands/show.py +++ b/becommands/show.py @@ -35,17 +35,14 @@ def execute(args, test=False): Created : Wed, 31 Dec 1969 19:00 (Thu, 01 Jan 1970 00:00:00 +0000) Bug A - >>> execute (["--xml", "a"], test=True) + >>> execute (["--xml", "a"], test=True) # doctest: +ELLIPSIS a a minor open - - - - John Doe - Wed, 31 Dec 1969 19:00 (Thu, 01 Jan 1970 00:00:00 +0000) + John Doe <jdoe@example.com> + ... Bug A """ diff --git a/libbe/bug.py b/libbe/bug.py index 59b011b..0e54a1a 100644 --- a/libbe/bug.py +++ b/libbe/bug.py @@ -18,6 +18,7 @@ import os import os.path import errno import time +import xml.sax.saxutils import doctest from beuuid import uuid_gen @@ -261,7 +262,7 @@ class Bug(settings_object.SavedSettingsObject): ret = '\n' for (k,v) in info: if v is not settings_object.EMPTY: - ret += ' <%s>%s\n' % (k,v,k) + ret += ' <%s>%s\n' % (k,xml.sax.saxutils.escape(v),k) if show_comments == True: comout = self.comment_root.xml_thread(auto_name_map=True, diff --git a/libbe/comment.py b/libbe/comment.py index 8d03a7b..d0fa5ee 100644 --- a/libbe/comment.py +++ b/libbe/comment.py @@ -19,6 +19,7 @@ import os import os.path import time +import xml.sax.saxutils import textwrap import doctest 
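Review bot: In the libbe/bug.py hunk, `xml.sax.saxutils.escape(v)` on the `ret +=` line replaces only `&`, `<` and `>`, so a field value carrying characters that XML 1.0 forbids (most C0 control characters) still yields output a parser will reject. The same holds for the `lines.append` call in the libbe/comment.py hunk, where the comment body is the likeliest carrier. `escape()` also calls `.replace` on its argument, so any non-string value the old `%s` formatting accepted would now raise; the `info` list is built outside the hunk, so whether that can happen is not visible here. I would add a comment at both call sites such as `# escape() covers &, <, > only; values must be text with XML-illegal control characters already filtered`, and a doctest that parses the emitted XML would pin the behaviour.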
@@ -234,16 +235,17 @@ class Comment(Tree, settings_object.SavedSettingsObject):
 """
 if shortname == None:
 shortname = self.uuid
- lines = ["",
- " %s" % self.uuid,
- " %s" % (shortname,),]
- if self.in_reply_to != settings_object.EMPTY:
- lines.append(" %s" % self.in_reply_to)
- lines.extend([
- " %s" % self._setting_attr_string("From"),
- " %s" % self.time_string,
- " %s" % (self.body or "").rstrip('\n'),
- "\n"])
+ info = [("uuid", self.uuid),
+ ("short-name", shortname),
+ ("in-reply-to", self.in_reply_to),
+ ("from", self._setting_attr_string("From")),
+ ("date", self.time_string),
+ ("body", (self.body or "").rstrip('\n'))]
+ lines = [""]
+ for (k,v) in info:
+ if v not in [settings_object.EMPTY, None]:
+ lines.append(' <%s>%s' % (k,xml.sax.saxutils.escape(v),k))
+ lines.append("")
 istring = ' '*indent
 sep = '\n' + istring
 return istring + sep.join(lines).rstrip('\n')
-- 
2.26.2
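Review bot: The new filter `if v not in [settings_object.EMPTY, None]:` tests membership by equality, while the libbe/bug.py hunk in this same patch uses `v is not settings_object.EMPTY`. An identity test, `if v is not settings_object.EMPTY and v is not None:`, keeps the two consistent and does not depend on how a value compares with the sentinel. The loop also changes the output shape: the old code always emitted the from, date and body elements, and the new code drops any of them whose value is EMPTY or None, which consumers of the XML may not expect. The method starts above the hunk, so its docstring is not visible here; if it lists the elements, it should say that empty fields are omitted.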