https://github.com/python/cpython/commit/2f9131575b611dfc749242e8bbc6805bbc14683b
commit: 2f9131575b611dfc749242e8bbc6805bbc14683b
branch: 3.15
author: Serhiy Storchaka <[email protected]>
committer: serhiy-storchaka <[email protected]>
date: 2026-05-29T21:48:10Z
summary:
[3.15] gh-149489: Fix ElementTree serialization to HTML (GH-149490) (GH-150595)
* The content of comments, processing instructions and elements "xmp",
"iframe", "noembed", "noframes", and "plaintext" is no longer escaped.
* The "plaintext" element no longer have the closing tag.
* Add support of empty attributes (with value None).
(cherry picked from commit bcd29e466f55d8b4e3849ed6ada8ce86a46f5072)
files:
A Misc/NEWS.d/next/Library/2026-05-07-14-18-47.gh-issue-149489.bX9iHe.rst
M Lib/test/test_xml_etree.py
M Lib/xml/etree/ElementTree.py
diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
index f43f1708a0fabd8..27ea3c8c32fd8a5 100644
--- a/Lib/test/test_xml_etree.py
+++ b/Lib/test/test_xml_etree.py
@@ -1281,7 +1281,15 @@ def check(p, expected, namespaces=None):
{'': 'http://www.w3.org/2001/XMLSchema',
'ns': 'http://www.w3.org/2001/XMLSchema'})
- def test_processinginstruction(self):
+ def test_comment_serialization(self):
+ comm = ET.Comment('<spam> & ham')
+ # comments are not escaped
+ self.assertEqual(ET.tostring(comm), b'<!--<spam> & ham-->')
+ self.assertEqual(ET.tostring(comm, method='html'), b'<!--<spam> &
ham-->')
+ # no comments in text serialization
+ self.assertEqual(ET.tostring(comm, method='text'), b'')
+
+ def test_processinginstruction_serialization(self):
# Test ProcessingInstruction directly
self.assertEqual(ET.tostring(ET.ProcessingInstruction('test',
'instruction')),
@@ -1290,12 +1298,32 @@ def test_processinginstruction(self):
b'<?test instruction?>')
# Issue #2746
-
+ # processing instructions are not escaped
self.assertEqual(ET.tostring(ET.PI('test', '<testing&>')),
b'<?test <testing&>?>')
self.assertEqual(ET.tostring(ET.PI('test', '<testing&>\xe3'),
'latin-1'),
b"<?xml version='1.0' encoding='latin-1'?>\n"
b"<?test <testing&>\xe3?>")
+ pi = ET.PI('test', 'ham & eggs < spam')
+ self.assertEqual(ET.tostring(pi), b'<?test ham & eggs < spam?>')
+ self.assertEqual(ET.tostring(pi, method='html'), b'<?test ham & eggs <
spam?>')
+ # no processing instructions in text serialization
+ self.assertEqual(ET.tostring(pi, method='text'), b'')
+
+ def test_empty_attribute_serialization(self):
+ # empty attrs only work in html
+ elem = ET.Element('tag', attrib={'attr': None})
+ self.assertRaises(TypeError, ET.tostring, elem)
+ self.assertEqual(ET.tostring(elem, method='html'), b'<tag attr></tag>')
+
+ @support.subTests('tag', ("script", "style", "xmp", "iframe", "noembed",
"noframes"))
+ def test_html_cdata_elems_serialization(self, tag):
+ # content of raw text elements is not escaped in html
+ tag = tag.title()
+ elem = ET.Element(tag)
+ elem.text = '<spam>&ham'
+ self.assertEqual(ET.tostring(elem, method='html'),
+ ('<%s><spam>&ham</%s>' % (tag, tag)).encode())
def test_html_empty_elems_serialization(self):
# issue 15970
@@ -1311,6 +1339,14 @@ def test_html_empty_elems_serialization(self):
method='html')
self.assertEqual(serialized, expected)
+ def test_html_plaintext_serialization(self):
+ # content of plaintext is not escaped in html
+ # no end tag for plaintext
+ elem = ET.Element('PlainText')
+ elem.text = '<spam>&ham'
+ self.assertEqual(ET.tostring(elem, method='html'),
+ b'<PlainText><spam>&ham')
+
def test_dump_attribute_order(self):
# See BPO 34160
e = ET.Element('cirriculum', status='public', company='example')
diff --git a/Lib/xml/etree/ElementTree.py b/Lib/xml/etree/ElementTree.py
index 75bebc0b1668abd..53727d7940b3f2a 100644
--- a/Lib/xml/etree/ElementTree.py
+++ b/Lib/xml/etree/ElementTree.py
@@ -917,17 +917,20 @@ def _serialize_xml(write, elem, qnames, namespaces,
if elem.tail:
write(_escape_cdata(elem.tail))
+_CDATA_CONTENT_ELEMENTS = {"script", "style", "xmp", "iframe", "noembed",
+ "noframes", "plaintext"}
+
HTML_EMPTY = {"area", "base", "basefont", "br", "col", "embed", "frame", "hr",
"img", "input", "isindex", "link", "meta", "param", "source",
- "track", "wbr"}
+ "track", "wbr", "plaintext"}
def _serialize_html(write, elem, qnames, namespaces, **kwargs):
tag = elem.tag
text = elem.text
if tag is Comment:
- write("<!--%s-->" % _escape_cdata(text))
+ write("<!--%s-->" % text)
elif tag is ProcessingInstruction:
- write("<?%s?>" % _escape_cdata(text))
+ write("<?%s?>" % text)
else:
tag = qnames[tag]
if tag is None:
@@ -951,16 +954,19 @@ def _serialize_html(write, elem, qnames, namespaces,
**kwargs):
for k, v in items:
if isinstance(k, QName):
k = k.text
- if isinstance(v, QName):
- v = qnames[v.text]
+ k = qnames[k]
+ if v is None:
+ write(" %s" % k) # empty attr
else:
- v = _escape_attrib_html(v)
- # FIXME: handle boolean attributes
- write(" %s=\"%s\"" % (qnames[k], v))
+ if isinstance(v, QName):
+ v = qnames[v.text]
+ else:
+ v = _escape_attrib_html(v)
+ write(" %s=\"%s\"" % (k, v))
write(">")
ltag = tag.lower()
if text:
- if ltag == "script" or ltag == "style":
+ if ltag in _CDATA_CONTENT_ELEMENTS:
write(text)
else:
write(_escape_cdata(text))
diff --git
a/Misc/NEWS.d/next/Library/2026-05-07-14-18-47.gh-issue-149489.bX9iHe.rst
b/Misc/NEWS.d/next/Library/2026-05-07-14-18-47.gh-issue-149489.bX9iHe.rst
new file mode 100644
index 000000000000000..1550c893fd7c45b
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-05-07-14-18-47.gh-issue-149489.bX9iHe.rst
@@ -0,0 +1,5 @@
+Fix :mod:`~xml.etree.ElementTree` serialization to HTML. The content of
+comments, processing instructions and elements "xmp", "iframe", "noembed",
+"noframes", and "plaintext" is no longer escaped. The "plaintext" element no
+longer have the closing tag. Add support of empty attributes (with value
+``None``).
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]
