https://github.com/python/cpython/commit/893707c53852150e65068fcf80ac5469bde0c0ee
commit: 893707c53852150e65068fcf80ac5469bde0c0ee
branch: 3.14
author: Serhiy Storchaka <[email protected]>
committer: ambv <[email protected]>
date: 2025-07-21T20:34:24+02:00
summary:
[3.14] gh-135661: Fix parsing attributes with whitespaces around the "="
separator in HTMLParser (GH-136908) (#136927)
files:
A Misc/NEWS.d/next/Security/2025-07-21-14-15-25.gh-issue-135661.nAxXw5.rst
M Lib/html/parser.py
M Lib/test/test_htmlparser.py
M Misc/NEWS.d/3.14.0b4.rst
diff --git a/Lib/html/parser.py b/Lib/html/parser.py
index 9b4f09599134bd..7eea885cfe63c5 100644
--- a/Lib/html/parser.py
+++ b/Lib/html/parser.py
@@ -45,7 +45,7 @@
(
(?<=['"\t\n\r\f /])[^\t\n\r\f />][^\t\n\r\f /=>]* # attribute name
)
- (= # value indicator
+ ([\t\n\r\f ]*=[\t\n\r\f ]* # value indicator
('[^']*' # LITA-enclosed value
|"[^"]*" # LIT-enclosed value
|(?!['"])[^>\t\n\r\f ]* # bare value
@@ -57,7 +57,7 @@
[a-zA-Z][^\t\n\r\f />]* # tag name
[\t\n\r\f /]* # optional whitespace before attribute name
(?:(?<=['"\t\n\r\f /])[^\t\n\r\f />][^\t\n\r\f /=>]* # attribute name
- (?:= # value indicator
+ (?:[\t\n\r\f ]*=[\t\n\r\f ]* # value indicator
(?:'[^']*' # LITA-enclosed value
|"[^"]*" # LIT-enclosed value
|(?!['"])[^>\t\n\r\f ]* # bare value
diff --git a/Lib/test/test_htmlparser.py b/Lib/test/test_htmlparser.py
index 15cad061889a79..47c0752fb517b9 100644
--- a/Lib/test/test_htmlparser.py
+++ b/Lib/test/test_htmlparser.py
@@ -623,7 +623,7 @@ def test_correct_detection_of_start_tags(self):
html = '<div style="", foo = "bar" ><b>The <a href="some_url">rain</a>'
expected = [
- ('starttag', 'div', [('style', ''), (',', None), ('foo', None),
('=', None), ('"bar"', None)]),
+ ('starttag', 'div', [('style', ''), (',', None), ('foo', 'bar')]),
('starttag', 'b', []),
('data', 'The '),
('starttag', 'a', [('href', 'some_url')]),
@@ -813,12 +813,12 @@ def test_attr_syntax(self):
]
self._run_check("""<a b='v' c="v" d=v e>""", output)
self._run_check("<a foo==bar>", [('starttag', 'a', [('foo', '=bar')])])
- self._run_check("<a foo =bar>", [('starttag', 'a', [('foo', None),
('=bar', None)])])
- self._run_check("<a foo\t=bar>", [('starttag', 'a', [('foo', None),
('=bar', None)])])
+ self._run_check("<a foo =bar>", [('starttag', 'a', [('foo', 'bar')])])
+ self._run_check("<a foo\t=bar>", [('starttag', 'a', [('foo', 'bar')])])
self._run_check("<a foo\v=bar>", [('starttag', 'a', [('foo\v',
'bar')])])
self._run_check("<a foo\xa0=bar>", [('starttag', 'a', [('foo\xa0',
'bar')])])
- self._run_check("<a foo= bar>", [('starttag', 'a', [('foo', ''),
('bar', None)])])
- self._run_check("<a foo=\tbar>", [('starttag', 'a', [('foo', ''),
('bar', None)])])
+ self._run_check("<a foo= bar>", [('starttag', 'a', [('foo', 'bar')])])
+ self._run_check("<a foo=\tbar>", [('starttag', 'a', [('foo', 'bar')])])
self._run_check("<a foo=\vbar>", [('starttag', 'a', [('foo',
'\vbar')])])
self._run_check("<a foo=\xa0bar>", [('starttag', 'a', [('foo',
'\xa0bar')])])
@@ -829,8 +829,8 @@ def test_attr_values(self):
("d", "\txyz\n")])])
self._run_check("""<a b='' c="">""",
[("starttag", "a", [("b", ""), ("c", "")])])
- self._run_check("<a b=\t c=\n>",
- [("starttag", "a", [("b", ""), ("c", "")])])
+ self._run_check("<a b=\tx c=\ny>",
+ [('starttag', 'a', [('b', 'x'), ('c', 'y')])])
self._run_check("<a b=\v c=\xa0>",
[("starttag", "a", [("b", "\v"), ("c", "\xa0")])])
# Regression test for SF patch #669683.
@@ -899,13 +899,17 @@ def test_malformed_attributes(self):
)
expected = [
('starttag', 'a', [('href', "test'style='color:red;bad1'")]),
- ('data', 'test - bad1'), ('endtag', 'a'),
+ ('data', 'test - bad1'),
+ ('endtag', 'a'),
('starttag', 'a', [('href', "test'+style='color:red;ba2'")]),
- ('data', 'test - bad2'), ('endtag', 'a'),
+ ('data', 'test - bad2'),
+ ('endtag', 'a'),
('starttag', 'a', [('href', "test'\xa0style='color:red;bad3'")]),
- ('data', 'test - bad3'), ('endtag', 'a'),
- ('starttag', 'a', [('href', None), ('=', None),
("test' style", 'color:red;bad4')]),
- ('data', 'test - bad4'), ('endtag', 'a')
+ ('data', 'test - bad3'),
+ ('endtag', 'a'),
+ ('starttag', 'a', [('href', "test'\xa0style='color:red;bad4'")]),
+ ('data', 'test - bad4'),
+ ('endtag', 'a'),
]
self._run_check(html, expected)
diff --git a/Misc/NEWS.d/3.14.0b4.rst b/Misc/NEWS.d/3.14.0b4.rst
index b96f96caa3f280..349023ec75865d 100644
--- a/Misc/NEWS.d/3.14.0b4.rst
+++ b/Misc/NEWS.d/3.14.0b4.rst
@@ -75,7 +75,7 @@ to the HTML5 standard.
* Multiple ``=`` between attribute name and value are no longer collapsed.
E.g. ``<a foo==bar>`` produces attribute "foo" with value "=bar".
-* Whitespaces between the ``=`` separator and attribute name or value are no
+* [Reverted in :gh:`136927`] Whitespaces between the ``=`` separator and
attribute name or value are no
longer ignored. E.g. ``<a foo =bar>`` produces two attributes "foo" and
"=bar", both with value None; ``<a foo= bar>`` produces two attributes:
"foo" with value "" and "bar" with value None.
diff --git
a/Misc/NEWS.d/next/Security/2025-07-21-14-15-25.gh-issue-135661.nAxXw5.rst
b/Misc/NEWS.d/next/Security/2025-07-21-14-15-25.gh-issue-135661.nAxXw5.rst
new file mode 100644
index 00000000000000..533e4df8626b90
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2025-07-21-14-15-25.gh-issue-135661.nAxXw5.rst
@@ -0,0 +1,2 @@
+Fix parsing attributes with whitespaces around the ``=`` separator in
+:class:`html.parser.HTMLParser` according to the HTML5 standard.
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]
