Neil Schemenauer <[EMAIL PROTECTED]> wrote:
> While the lines marked with !!! do indeed fix the bug in question
> they introduced another. The bug is with %r formats. The existing
> code does:
>
> _escape_string(repr(v))
>
> your code changes it to:
>
> repr(_escape_string(v))
>
> That's not safe:
>
> >>> htmltext('repr: %r') % u"'"
> <htmltext 'repr: u"\'"'>
>
> Note the unescaped double quote characters. The output should be
> <htmltext "repr: u&quot;'&quot;">.
Ouch, I see...

Below is a modified version of the patch. I hope it is correct:
>>> from quixote.html import htmltext
>>> htmltext('repr: %r') % "'"
<htmltext "repr: &quot;'&quot;">
>>> htmltext('repr: %r') % u"'"
<htmltext "repr: u&quot;'&quot;">
>>> htmltext('string %s') % u'"&"\u1234'
<htmltext u'string &quot;&amp;&quot;\u1234'>
>>> htmltext('string %r') % u'"&"\u1234'
<htmltext "string u'&quot;&amp;&quot;\\u1234'">
------------------ MODIFIED VERSION OF PATCH ------------------------
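# Python 2 code. _escape_string, htmltext, stringify and _QuoteWrapper
# are defined in the module being patched.

class escaped_str(str):
    # The string value itself is the escaped text (used by %s).
    def __new__(cls, s):
        result = str.__new__(cls, _escape_string(s))
        result.original_string = s
        return result

    # %r: repr() the original first, then escape, so the quotes that
    # repr() adds are escaped as well.
    def __repr__(self):
        return _escape_string(repr(self.original_string))

class escaped_unicode(unicode):
    # Same as escaped_str, for unicode arguments.
    def __new__(cls, s):
        result = unicode.__new__(cls, _escape_string(s))
        result.original_string = s
        return result

    def __repr__(self):
        return _escape_string(repr(self.original_string))

def _wraparg(arg):
    if isinstance(arg, htmltext):
        # Already-escaped markup passes through unchanged.
        return stringify(arg)
    elif isinstance(arg, str):
        return escaped_str(arg)
    elif isinstance(arg, unicode):
        return escaped_unicode(arg)
    elif isinstance(arg, (int, long, float)):
        # Numbers are returned unwrapped.
        return arg
    else:
        return _QuoteWrapper(arg)
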
Best regards,
Alexander mailto:[EMAIL PROTECTED]
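
The ordering problem discussed in this thread, as an added Python 3 example that is not part of the original messages or of Quixote's code. The names escape, EscapedStr, ReprOfEscaped, render and has_raw_markup are hypothetical stand-ins, and escape is assumed to cover only & < > and the double quote.

```python
# Added example: stand-in names, not Quixote's implementation.
def escape(s):
    """Escape the characters that matter in HTML text and quoted attributes."""
    return (s.replace("&", "&amp;").replace("<", "&lt;")
             .replace(">", "&gt;").replace('"', "&quot;"))


class EscapedStr(str):
    """str whose %s value and %r value are both HTML-escaped.

    The value is escaped once at construction (used by %s). __repr__
    takes repr() of the original and escapes that result (used by %r),
    so the quote characters repr() adds are escaped too.
    """
    def __new__(cls, s):
        self = super().__new__(cls, escape(s))
        self.original = s
        return self

    def __repr__(self):
        return escape(repr(self.original))


class ReprOfEscaped(str):
    """The unsafe ordering: escape first, then let str.__repr__ add quotes."""
    def __new__(cls, s):
        return super().__new__(cls, escape(s))
    # Inherits str.__repr__, which runs on the already-escaped text and
    # may wrap it in raw double quotes.


def render(template, value, wrapper):
    """Format an untrusted value into a trusted template via the wrapper."""
    return template % wrapper(value)


def has_raw_markup(fragment):
    """True if any of < > or a double quote survives unescaped."""
    return any(c in fragment for c in '<>"')


if __name__ == "__main__":
    for wrapper in (ReprOfEscaped, EscapedStr):
        out = render("repr: %r", "'", wrapper)   # constructed sample input
        print(wrapper.__name__, "->", out, "| raw markup:", has_raw_markup(out))
```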