Changes by Serhiy Storchaka storch...@gmail.com:
--
resolution: - fixed
stage: patch review - resolved
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10590
___
Roundup Robot added the comment:
New changeset fca669149d8a by Serhiy Storchaka in branch 'default':
Issue #10590: xml.sax.parseString() now supports string argument.
https://hg.python.org/cpython/rev/fca669149d8a
--
___
Python tracker
Serhiy Storchaka added the comment:
After resolving issue2175 and committing tests that works with current code,
only minimum of changes are left. Here is a patch that adds support of string
argument in xml.sax.parseString().
--
components: +Library (Lib) -Unicode
stage: needs patch -
Changes by Serhiy Storchaka storch...@gmail.com:
Added file: http://bugs.python.org/file38810/sax_parse_3.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10590
___
Roundup Robot added the comment:
New changeset 3ac1b21fbb42 by Serhiy Storchaka in branch '2.7':
Issue #10590: Added tests for xml.sax.parse() and xml.sax.parseString().
https://hg.python.org/cpython/rev/3ac1b21fbb42
New changeset ca8666310eb3 by Serhiy Storchaka in branch '3.4':
Issue #10590:
Changes by A.M. Kuchling a...@amk.ca:
--
nosy: -akuchling
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10590
___
___
Python-bugs-list mailing
Serhiy Storchaka added the comment:
There was no significant motion in the direction of fixing XML security issues.
May be resolve issue2175 first?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10590
Changes by Mark Lawrence breamore...@yahoo.co.uk:
--
nosy: -BreamoreBoy
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10590
___
___
Serhiy Storchaka added the comment:
Low-level part already extracted to issue17089 and committed. Issue16986 has a
similar patch for cElementTree. The main part of path was moved to issue2175
which is now pre-requisite for issue16986 and for this issue. It contains
additional tests and
Changes by Serhiy Storchaka storch...@gmail.com:
Removed file: http://bugs.python.org/file28757/sax_parse.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10590
___
Eli Bendersky added the comment:
Serhiy, OK - I'll look at #2175 first. But yes, Christian is right, let's wait
for the security issues to be resolved first.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10590
Eli Bendersky added the comment:
I'm not very knowledgeable in other XML modules, but I hate to see this patch
linger. Also it's a pre-requisite for #16986, it seems.
Serhiy, since the patch is large could you give a short summary of the things
it fixes? Note that the best approach IMHO is to
Christian Heimes added the comment:
Please hold of any modifications of XML code until we have decided how we are
going to fix the XML exploits.
Also I think this is a new feature and not a fix. parseString() is documented
as 'parses from a buffer string'. It doesn't say that it can parse
Changes by Serhiy Storchaka storch...@gmail.com:
--
dependencies: +Expat sax parser silently ignores the InputSource protocol
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10590
___
Changes by Serhiy Storchaka storch...@gmail.com:
--
dependencies: +Expat parser parses strings only when XML encoding is UTF-8
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10590
___
Changes by Eli Bendersky eli...@gmail.com:
--
nosy: -eli.bendersky
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10590
___
___
Python-bugs-list
Serhiy Storchaka added the comment:
Here is a patch which fixes this issue and a couple of related issues:
issue1483, issue2174, issue2175, issue10590.
--
keywords: +patch
nosy: +BreamoreBoy, akuchling, eli.bendersky, georg.brandl, loewis,
terry.reedy, tshepang, ygale
stage: needs
Changes by Serhiy Storchaka storch...@gmail.com:
--
assignee: - serhiy.storchaka
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10590
___
___
Serhiy Storchaka added the comment:
Indeed, xml.dom.minidom.parseString() and xml.etree.ElementTree.fromstring()
accepts both bytes and strings, xml.dom.minidom.parse(),
xml.etree.ElementTree.parse() and even xml.sax.parse() accepts both byte and
text streams. Only xml.sax.parseString()
New submission from Thomas Ryan tom.a.r...@gmail.com:
In 3.1.3, 3.1.2, maybe earlier...
xml.sax.parseString(string, handler, error_handler=handler.ErrorHandler())
Source code requires bytes, not a string as implied by function name and by the
documentation.
Exception thrown for strings.
20 matches
Mail list logo