Edgewall Software

Opened 10 years ago

Last modified 7 years ago

#500 reopened defect

test_sanitize_remove_script_elem fails due to HTMLParser bugfixes in cpython

Reported by: stefanor@… Owned by: cmlenz
Priority: major Milestone: 0.8
Component: Parsing Version: devel
Keywords: Cc: al.willmer@…


The patch to HTMLParser for issue 13987 that landed in the cpython 2.7 branch breaks test_sanitize_remove_script_elem:

FAIL: test_sanitize_remove_script_elem (__main__.HTMLSanitizerTestCase)
Traceback (most recent call last):
  File "genshi/filters/tests/test_html.py", line 411, in test_sanitize_remove_script_elem
    self.assertRaises(ParseError, HTML, u'<SCR\0IPT>alert("foo")</SCR\0IPT>')
AssertionError: ParseError not raised

Change History (6)

comment:1 Changed 9 years ago by antonio.rosales@…

Hello,any update on the resolution of this ticket? It is currently breaking building and packing of Genshi.

-thanks, Antonio

comment:2 Changed 9 years ago by barry@…

Here's what I'm proposing to fix the problem in Ubuntu 12.10

--- a/genshi/filters/tests/html.py
+++ b/genshi/filters/tests/html.py
@@ -437,9 +440,9 @@
         # Case-insensitive protocol matching
         html = HTML('<IMG SRC=\'JaVaScRiPt:alert("foo")\'>')
         self.assertEquals('<img/>', (html | HTMLSanitizer()).render())
-        # Grave accents (not parsed)
-        self.assertRaises(ParseError, HTML,
-                          '<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>')
+        # Grave accents.
+        html = HTML('<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>')
+        self.assertEquals('<img/>', (html | HTMLSanitizer()).render())
         # Protocol encoded using UTF-8 numeric entities
         html = HTML('<IMG SRC=\'&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;'

comment:3 Changed 8 years ago by barry@…

  • Milestone changed from 0.6.1 to 0.8
  • Version changed from 0.6 to devel

This fails differently now with Python 2.7.6 and genshi 0.7:

FAIL: test_sanitize_remove_script_elem (genshi.filters.tests.test_html.HTMLSanitizerTestCase)
Traceback (most recent call last):
  File "/home/barry/projects/ubuntu/genshi/Genshi-0.7/genshi/filters/tests/test_html.py", line 422, in test_sanitize_remove_script_elem
    'SRC="http://example.com/"&gt;', src)
  File "/home/barry/projects/ubuntu/genshi/Genshi-0.7/genshi/filters/tests/test_html.py", line 376, in assert_parse_error_or_equal
    self.assertEquals(expected, (html | HTMLSanitizer()).render())
AssertionError: '&lt;SCRIPT&amp;XYZ; SRC="http://example.com/"&gt;' != ''


I think I'll just disable this test for Debian and Ubuntu.

comment:4 Changed 8 years ago by hodgestar

  • Resolution set to duplicate
  • Status changed from new to closed

This is a duplicate of #501.

comment:5 Changed 7 years ago by al.willmer@…

  • Cc al.willmer@… added

I'm not sure this bug is a duplicate of #501. test_sanitize_remove_script_elem still fails as of source:/branches/stable/0.6.x@1271, when run with Python 2.7.6. Or is 0.6.x no longer supported?

comment:6 Changed 7 years ago by anonymous

  • Resolution duplicate deleted
  • Status changed from closed to reopened

Ah, I forgot that 0.6 likely also needed updating.

Note: See TracTickets for help on using tickets.