[New-bugs-announce] [issue33303] ElementTree Comment text isn't escaped
John Burnett
report at bugs.python.org
Tue Apr 17 20:33:12 EDT 2018
New submission from John Burnett <python at johnburnett.com>:
The _serialize_xml function in ElementTree.py doesn't escape Comment.text values when writing output. This means the following code:
import sys
import xml.etree.ElementTree
elem = xml.etree.ElementTree.Comment()
elem.text = 'hi --> bye'
tree = xml.etree.ElementTree.ElementTree(elem)
tree.write(sys.stdout)
...will output the following invalid xml:
<!--hi --> bye-->
In Python 3.7, changing the _serialize_xml function on line 903/904 from this:
    if tag is Comment:
        write("<!--%s-->" % text)
...to this:
    if tag is Comment:
        write("<!--%s-->" % _escape_cdata(text))
...writes something more expected:
<!--hi --&gt; bye-->
----------
components: XML
messages: 315428
nosy: eli.bendersky, johnburnett, scoder
priority: normal
severity: normal
status: open
title: ElementTree Comment text isn't escaped
type: behavior
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue33303>
_______________________________________
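
The following is an added example, not part of the original report or of CPython's code. It checks whether a comment survives a serialize/re-parse round trip and rejects text that the XML 1.0 Comment grammar cannot represent. The helper names `checked_comment` and `roundtrips` and the wrapper element `root` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET


def checked_comment(text):
    """Build a Comment only if `text` is legal per the XML 1.0 Comment production.

    The grammar forbids "--" inside a comment and a trailing "-", so such text
    cannot be represented and is rejected rather than silently rewritten.
    """
    if "--" in text or text.endswith("-"):
        raise ValueError("text not representable as an XML comment: %r" % text)
    return ET.Comment(text)


def roundtrips(text):
    """Serialize <root><!--text--></root>, re-parse it, and report whether the
    document still consists of exactly one comment carrying the same text."""
    root = ET.Element("root")  # "root" is a constructed wrapper element
    root.append(ET.Comment(text))
    xml = ET.tostring(root, encoding="unicode")
    # insert_comments=True (Python 3.8+) keeps comments in the parsed tree.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    try:
        parsed = ET.fromstring(xml, parser=parser)
    except ET.ParseError:
        return False
    return (
        len(parsed) == 1
        and parsed[0].tag is ET.Comment
        and parsed[0].text == text
        and not parsed[0].tail
        and not parsed.text
    )


if __name__ == "__main__":
    for sample in ("hi bye", "hi --> bye"):  # constructed sample inputs
        print(repr(sample), "round-trips:", roundtrips(sample))
```

Text containing `-->` cannot round-trip whether or not the serializer escapes it, because entity references are not expanded inside comments; validating before building the comment is the only way to keep attacker-influenced text from changing the document structure.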