Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign up[3.5] bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) (GH-16441) #16516
Conversation
This comment has been minimized.
This comment has been minimized.
|
Let's see if this PR also fails because of the Sphinx issue :-) |
This comment has been minimized.
This comment has been minimized.
|
The doc job of Travis CI fails: see https://bugs.python.org/issue38339 |
This comment has been minimized.
This comment has been minimized.
|
I rebased my PR on top of the commit edd9bc9 to fix the doc job of Travis CI. |
This comment has been minimized.
This comment has been minimized.
|
This PR now looks okay to merge it :) |
|
Minor readability recommendation to use def test_server_title_escape(self):
# bpo-38243: Ensure that the server title and documentation
# are escaped for HTML.
serv = self.serv
serv.set_server_title('test_title<script>')
serv.set_server_documentation('test_documentation<script>')
self.assertEqual('test_title<script>', serv.server_title)
self.assertEqual('test_documentation<script>',
serv.serv_documentation)
generated = serv.generate_html_documentation()
# ...This isn't at all critical as far as functionality goes, but it makes it easier to read by reducing some of the white noise. This is frequently done in other areas, such as the asyncio tests. For example, Edit: Never mind, this would have been addressed in the original PR #16373 and not just for the backport. It's probably not important enough to be worth adjusting separately. I only saw this specific PR because of the message from @vstinner in python-dev. |
This comment has been minimized.
This comment has been minimized.
says @corona10, the author of the origin fix in the master branch e8650a4 ;-)
This change is a backport to an old security branch (3.5). If you would like to enhance the readability, please propose a change on the master branch ;-) |
This comment has been minimized.
This comment has been minimized.
|
@corona10: Would you mind to use a GitHub review to officially "approve" the change? It's only to track than comments. |
I agree :)
No problem. Thanks for the tip. |
This comment has been minimized.
This comment has been minimized.
Alright, if you think it would be worthwhile, I can open a PR to master. Usually readability changes are hard to get merged, especially for the tests. |
This comment has been minimized.
This comment has been minimized.
I don't think that it's worth it. |
This comment has been minimized.
This comment has been minimized.
Neither did I. That's why I mentioned it in the edit for my initial comment:
IMO, readability changes should only be made when the original PR is in progress for test changes. But the tests should not be changed solely for readability purposes. Primarily because it's not worth the potential cost of breaking the functionality, not to mention the added review time. |
This comment has been minimized.
This comment has been minimized.
I'm the author of the PR. @corona10: What does it mean when you assign my own PR to myself? This PR should be merged by @larryhastings. Only the 3.5 release manager can merge changes into the 3.5 branch. |
This comment has been minimized.
This comment has been minimized.
|
@vstinner oh sorry. I didn't notice that. |
This comment has been minimized.
This comment has been minimized.
|
@corona10: No problem, only 3.5 and 3.6 branches are protected and only accept security fixes: https://devguide.python.org/#status-of-python-branches |
This comment has been minimized.
This comment has been minimized.
bedevere-bot
commented
Oct 29, 2019
|
@larryhastings: Please replace |
This comment has been minimized.
This comment has been minimized.
|
Thanks! |
vstinner commentedOct 1, 2019
•
edited by bedevere-bot
Escape the server title of xmlrpc.server.DocXMLRPCServer
when rendering the document page as HTML.
(cherry picked from commit e8650a4)
(cherry picked from commit 1698cac)
https://bugs.python.org/issue38243