[3.8] bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) by miss-islington · Pull Request #16439 · python/cpython
@@ -1,5 +1,6 @@
from xmlrpc.server import DocXMLRPCServer
import http.client
import re
import sys
import threading
import unittest
Expand Down
Expand Up
@@ -192,6 +193,21 @@ def test_annotations(self):
b'method_annotation</strong></a>(x: bytes)</dt></dl>'),
response.read())
def test_server_title_escape(self): # bpo-38243: Ensure that the server title and documentation # are escaped for HTML. self.serv.set_server_title('test_title<script>') self.serv.set_server_documentation('test_documentation<script>') self.assertEqual('test_title<script>', self.serv.server_title) self.assertEqual('test_documentation<script>', self.serv.server_documentation)
generated = self.serv.generate_html_documentation() title = re.search(r'<title>(.+?)</title>', generated).group() documentation = re.search(r'<p><tt>(.+?)</tt></p>', generated).group() self.assertEqual('<title>Python: test_title<script></title>', title) self.assertEqual('<p><tt>test_documentation<script></tt></p>', documentation)
if __name__ == '__main__': unittest.main()
def test_server_title_escape(self): # bpo-38243: Ensure that the server title and documentation # are escaped for HTML. self.serv.set_server_title('test_title<script>') self.serv.set_server_documentation('test_documentation<script>') self.assertEqual('test_title<script>', self.serv.server_title) self.assertEqual('test_documentation<script>', self.serv.server_documentation)
generated = self.serv.generate_html_documentation() title = re.search(r'<title>(.+?)</title>', generated).group() documentation = re.search(r'<p><tt>(.+?)</tt></p>', generated).group() self.assertEqual('<title>Python: test_title<script></title>', title) self.assertEqual('<p><tt>test_documentation<script></tt></p>', documentation)
if __name__ == '__main__': unittest.main()