Hi,

GenerateDS currently escapes entities in the contents of string tags
but not in the valueOf_ or attributes.

I've attached a patch which will escape the following for attributes:
& < > "

This includes everything except for ' which can be left alone as
generateDS always uses " around attributes.


For string tags and valueOf_ the following will be escaped:
& < >

So ' and " are not escaped as they can be left alone.

This is quite similar to what ElementTree does (although ElementTree
also escapes ' in attributes, which it states is overkill).


This is working for the attributes that we are using, so I hope it's
useful for others :)

--- generateDS.py	2008-05-08 09:43:36.000000000 +1200
+++ generateDS-quote.py	2008-05-20 11:18:15.000000000 +1200
@@ -1243,17 +1243,17 @@
             if attrDef.getUse() == 'optional':
                 s1 = "        if self.get%s() is not None:\n" % (capName, )
                 outfile.write(s1)
-                s1 = "            outfile.write(' %s=\"%%s\"' %% (self.get%s(), ))\n" % \
+                s1 = "            outfile.write(' %s=\"%%s\"' %% (quote_attrib(self.get%s()), ))\n" % \
                     (name, capName, )
                 outfile.write(s1)
             else:
-                s1 = "        outfile.write(' %s=\"%%s\"' %% (self.get%s(), ))\n" % \
+                s1 = "        outfile.write(' %s=\"%%s\"' %% (quote_attrib(self.get%s()), ))\n" % \
                     (name, capName, )
                 outfile.write(s1)
     if element.getAnyAttribute():
         s1 = '        for name, value in self.anyAttributes_.items():\n'
         outfile.write(s1)
-        s1 = "            outfile.write(' %s=\"%s\"' % (name, value, ))\n"
+        s1 = "            outfile.write(' %s=\"%s\"' % (name, quote_attrib(value), ))\n"
         outfile.write(s1)
     return hasAttributes
 
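Review bot: In the `anyAttributes_` loop only `value` goes through `quote_attrib`; `name` is still written raw by the generated `outfile.write(' %s=\"%s\"' % (name, ...))`. Keys taken from a parsed document are valid XML names, but `anyAttributes_` looks like an ordinary dict that calling code can fill, so a key containing whitespace, `=` or `"` would yield malformed output or an extra attribute. Escaping cannot repair a name, so I would reject such keys before writing, or at least emit a comment into the generated code such as `# anyAttributes_ keys are written unescaped and must be valid XML names`. The generator function this hunk belongs to starts outside the hunk.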
@@ -1355,7 +1355,7 @@
         s1 = "        %s.exportChildren(self, outfile, level, name_)\n" % (base, )
         outfile.write(s1)
     if childCount == 0:
-        s1 = "        outfile.write(self.valueOf_)\n"
+        s1 = "        outfile.write(quote_xml(self.valueOf_))\n"
         outfile.write(s1)
 # end generateExportFn
 
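Review bot: With the coercion that `quote_xml` gains in this patch (`'%%s' %% inStr` for non-strings), a `valueOf_` of `None` would be exported as the literal text `None` rather than failing in `outfile.write` as it did before. Whether `valueOf_` can ever be `None` is not visible here, so this may be unreachable. If it can, the generated code could guard the write with `if self.valueOf_ is not None:`. `generateExportFn` begins outside the hunk.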
@@ -3036,10 +3036,20 @@
         outfile.write('    ')
 
 def quote_xml(inStr):
-    s1 = inStr
+    s1 = (isinstance(inStr, basestring) and inStr or
+          '%%s' %% inStr)
     s1 = s1.replace('&', '&amp;')
     s1 = s1.replace('<', '&lt;')
+    s1 = s1.replace('>', '&gt;')
+    return s1
+
+def quote_attrib(inStr):
+    s1 = (isinstance(inStr, basestring) and inStr or
+          '%%s' %% inStr)
+    s1 = s1.replace('&', '&amp;')
     s1 = s1.replace('"', '&quot;')
+    s1 = s1.replace('<', '&lt;')
+    s1 = s1.replace('>', '&gt;')
     return s1
 
 def quote_python(inStr):
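Review bot: `quote_attrib` leaves literal tab, newline and carriage return untouched, and a conforming XML parser normalizes those to spaces inside attribute values, so an attribute containing them will not round-trip through export and re-parse. Character references survive normalization, so adding `s1 = s1.replace('\n', '&#10;')` after the `&` replacement (and likewise `'\t'` to `&#9;`, `'\r'` to `&#13;`) would fix that. The doubled `%%` suggests this text sits inside a %-formatted template string, in which case the backslashes need doubling too. The two functions also duplicate the coercion and the `&`, `<`, `>` replacements, so `quote_attrib` could be `s1 = quote_xml(inStr)` followed by the `"` replacement. A one-line docstring on each, saying whether it is meant for element text or for a double-quoted attribute value, would help callers pick the right one.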
-- 
Darius Powell ([EMAIL PROTECTED])