[3.5] bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) (GH-16441)#16516
[3.5] bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) (GH-16441)#16516larryhastings merged 2 commits into
Conversation
Sorry, something went wrong.
|
Let's see if this PR also fails because of the Sphinx issue :-) |
Sorry, something went wrong.
|
The doc job of Travis CI fails: see https://bugs.python.org/issue38339 |
Sorry, something went wrong.
|
I rebased my PR on top of the commit edd9bc9 to fix the doc job of Travis CI. |
Sorry, something went wrong.
|
This PR now looks okay to merge it :) |
Sorry, something went wrong.
There was a problem hiding this comment.
Minor readability recommendation to use serv = self.serv:
def test_server_title_escape(self):
# bpo-38243: Ensure that the server title and documentation
# are escaped for HTML.
serv = self.serv
serv.set_server_title('test_title<script>')
serv.set_server_documentation('test_documentation<script>')
self.assertEqual('test_title<script>', serv.server_title)
self.assertEqual('test_documentation<script>',
serv.serv_documentation)
generated = serv.generate_html_documentation()
# ...This isn't at all critical as far as functionality goes, but it makes it easier to read by reducing some of the white noise. This is frequently done in other areas, such as the asyncio tests. For example, loop = self.loop; loop.create_future() instead of self.loop.create_future(), when the same instance attribute is repeatedly referenced (generally 3+ times, in this case it's 5).
Edit: Never mind, this would have been addressed in the original PR #16373 and not just for the backport. It's probably not important enough to be worth adjusting separately. I only saw this specific PR because of the message from @vstinner in python-dev.
Sorry, something went wrong.
says @corona10, the author of the origin fix in the master branch e8650a4 ;-)
This change is a backport to an old security branch (3.5). If you would like to enhance the readability, please propose a change on the master branch ;-) |
Sorry, something went wrong.
|
@corona10: Would you mind to use a GitHub review to officially "approve" the change? It's only to track than comments. |
Sorry, something went wrong.
corona10
left a comment
corona10
left a comment
There was a problem hiding this comment.
This change is a backport to an old security branch (3.5). If you would like to enhance the readability, please propose a change on the master branch ;-)
I agree :)
@corona10: Would you mind to use a GitHub review to officially "approve" the change? It's only to track than comments.
No problem. Thanks for the tip.
LGTM
Sorry, something went wrong.
Alright, if you think it would be worthwhile, I can open a PR to master. Usually readability changes are hard to get merged, especially for the tests. |
Sorry, something went wrong.
I don't think that it's worth it. |
Sorry, something went wrong.
Neither did I. That's why I mentioned it in the edit for my initial comment:
IMO, readability changes should only be made when the original PR is in progress for test changes. But the tests should not be changed solely for readability purposes. Primarily because it's not worth the potential cost of breaking the functionality, not to mention the added review time. |
Sorry, something went wrong.
I'm the author of the PR. @corona10: What does it mean when you assign my own PR to myself? This PR should be merged by @larryhastings. Only the 3.5 release manager can merge changes into the 3.5 branch. |
Sorry, something went wrong.
|
@corona10: No problem, only 3.5 and 3.6 branches are protected and only accept security fixes: https://devguide.python.org/#status-of-python-branches |
Sorry, something went wrong.
|
@larryhastings: Please replace |
Sorry, something went wrong.
|
Thanks! |
Sorry, something went wrong.
Escape the server title of xmlrpc.server.DocXMLRPCServer
when rendering the document page as HTML.
(cherry picked from commit e8650a4)
(cherry picked from commit 1698cac)
https://bugs.python.org/issue38243