Package: python3-simpletal Version: 5.2-1.1 Severity: important Tags: patch upstream X-Debbugs-Cc: cont...@olivieraubert.net
Dear Maintainer, the cgi.escape method (which is used in simpleTALUtils) has been marked as deprecated since python 3.2, and removed in python3.8. To make it work with current python versions, cgi.escape should be replaced by html.escape Here is a patch for fixing this issue. I also have reported it upstream. Best regards, and thanks for you work -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.9.0-5-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=C.UTF-8, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages python3-simpletal depends on: ii python3 3.9.1-1 python3-simpletal recommends no packages. python3-simpletal suggests no packages. -- no debconf information
diff --git a/lib/simpletal/simpleTALUtils.py b/lib/simpletal/simpleTALUtils.py index ee78690..860d74f 100644 --- a/lib/simpletal/simpleTALUtils.py +++ b/lib/simpletal/simpleTALUtils.py @@ -34,7 +34,7 @@ Module Dependencies: None """ -import io, os, stat, threading, sys, codecs, cgi, re, types, logging +import io, os, stat, threading, sys, codecs, html, re, types, logging from . import __version__, simpleTAL # This is used to check for already escaped attributes. @@ -114,7 +114,7 @@ def tagAsText (tag,atts): # We already have some escaped characters in here, so assume it's all valid result += ' %s="%s"' % (name, value) else: - result += ' %s="%s"' % (name, cgi.escape (value)) + result += ' %s="%s"' % (name, html.escape (value)) result += ">" return result @@ -195,11 +195,11 @@ def cmdEndTagEndScope (self, command, args): self.file.write (str (str (resultVal), 'ascii')) else: if (isinstance (resultVal, str)): - self.file.write (cgi.escape (resultVal)) + self.file.write (html.escape (resultVal)) elif (isinstance (resultVal, bytes)): - self.file.write (cgi.escape (str (resultVal, 'ascii'))) + self.file.write (html.escape (str (resultVal, 'ascii'))) else: - self.file.write (cgi.escape (str (str (resultVal), 'ascii'))) + self.file.write (html.escape (str (str (resultVal), 'ascii'))) if (self.outputTag and not args[1]): self.file.write ('</' + args[0] + '>')