Commit 7de56f6a authored by Ezio Melotti's avatar Ezio Melotti

#670664: Fix HTMLParser to correctly handle the content of...

#670664: Fix HTMLParser to correctly handle the content of ``<script>...</script>`` and ``<style>...</style>``.
parent 4bfe03a4
...@@ -115,7 +115,8 @@ An exception is defined as well: ...@@ -115,7 +115,8 @@ An exception is defined as well:
.. method:: HTMLParser.handle_data(data) .. method:: HTMLParser.handle_data(data)
This method is called to process arbitrary data. It is intended to be This method is called to process arbitrary data (e.g. the content of
``<script>...</script>`` and ``<style>...</style>``). It is intended to be
overridden by a derived class; the base class implementation does nothing. overridden by a derived class; the base class implementation does nothing.
......
...@@ -62,6 +62,8 @@ locatestarttagend_tolerant = re.compile(r""" ...@@ -62,6 +62,8 @@ locatestarttagend_tolerant = re.compile(r"""
\s* # trailing whitespace \s* # trailing whitespace
""", re.VERBOSE) """, re.VERBOSE)
endendtag = re.compile('>') endendtag = re.compile('>')
# the HTML 5 spec, section 8.1.2.2, doesn't allow spaces between
# </ and the tag name, so maybe this should be fixed
endtagfind = re.compile('</\s*([a-zA-Z][-.a-zA-Z0-9:_]*)\s*>') endtagfind = re.compile('</\s*([a-zA-Z][-.a-zA-Z0-9:_]*)\s*>')
...@@ -121,6 +123,7 @@ class HTMLParser(_markupbase.ParserBase): ...@@ -121,6 +123,7 @@ class HTMLParser(_markupbase.ParserBase):
self.rawdata = '' self.rawdata = ''
self.lasttag = '???' self.lasttag = '???'
self.interesting = interesting_normal self.interesting = interesting_normal
self.cdata_elem = None
_markupbase.ParserBase.reset(self) _markupbase.ParserBase.reset(self)
def feed(self, data): def feed(self, data):
...@@ -145,11 +148,13 @@ class HTMLParser(_markupbase.ParserBase): ...@@ -145,11 +148,13 @@ class HTMLParser(_markupbase.ParserBase):
"""Return full source of start tag: '<...>'.""" """Return full source of start tag: '<...>'."""
return self.__starttag_text return self.__starttag_text
def set_cdata_mode(self): def set_cdata_mode(self, elem):
self.interesting = interesting_cdata self.interesting = interesting_cdata
self.cdata_elem = elem.lower()
def clear_cdata_mode(self): def clear_cdata_mode(self):
self.interesting = interesting_normal self.interesting = interesting_normal
self.cdata_elem = None
# Internal -- handle data as far as reasonable. May leave state # Internal -- handle data as far as reasonable. May leave state
# and data to be processed by a subsequent call. If 'end' is # and data to be processed by a subsequent call. If 'end' is
...@@ -314,7 +319,7 @@ class HTMLParser(_markupbase.ParserBase): ...@@ -314,7 +319,7 @@ class HTMLParser(_markupbase.ParserBase):
else: else:
self.handle_starttag(tag, attrs) self.handle_starttag(tag, attrs)
if tag in self.CDATA_CONTENT_ELEMENTS: if tag in self.CDATA_CONTENT_ELEMENTS:
self.set_cdata_mode() self.set_cdata_mode(tag)
return endpos return endpos
# Internal -- check to see if we have a complete starttag; return end # Internal -- check to see if we have a complete starttag; return end
...@@ -371,6 +376,9 @@ class HTMLParser(_markupbase.ParserBase): ...@@ -371,6 +376,9 @@ class HTMLParser(_markupbase.ParserBase):
j = match.end() j = match.end()
match = endtagfind.match(rawdata, i) # </ + tag + > match = endtagfind.match(rawdata, i) # </ + tag + >
if not match: if not match:
if self.cdata_elem is not None:
self.handle_data(rawdata[i:j])
return j
if self.strict: if self.strict:
self.error("bad end tag: %r" % (rawdata[i:j],)) self.error("bad end tag: %r" % (rawdata[i:j],))
k = rawdata.find('<', i + 1, j) k = rawdata.find('<', i + 1, j)
...@@ -380,8 +388,14 @@ class HTMLParser(_markupbase.ParserBase): ...@@ -380,8 +388,14 @@ class HTMLParser(_markupbase.ParserBase):
j = i + 1 j = i + 1
self.handle_data(rawdata[i:j]) self.handle_data(rawdata[i:j])
return j return j
tag = match.group(1)
self.handle_endtag(tag.lower()) elem = match.group(1).lower() # script or style
if self.cdata_elem is not None:
if elem != self.cdata_elem:
self.handle_data(rawdata[i:j])
return j
self.handle_endtag(elem.lower())
self.clear_cdata_mode() self.clear_cdata_mode()
return j return j
......
...@@ -321,18 +321,36 @@ DOCTYPE html [ ...@@ -321,18 +321,36 @@ DOCTYPE html [
("starttag_text", s)]) ("starttag_text", s)])
def test_cdata_content(self): def test_cdata_content(self):
s = """<script> <!-- not a comment --> &not-an-entity-ref; </script>""" contents = [
self._run_check(s, [ '<!-- not a comment --> &not-an-entity-ref;',
("starttag", "script", []), "<not a='start tag'>",
("data", " <!-- not a comment --> &not-an-entity-ref; "), '<a href="" /> <p> <span></span>',
("endtag", "script"), 'foo = "</scr" + "ipt>";',
]) 'foo = "</SCRIPT" + ">";',
s = """<script> <not a='start tag'> </script>""" 'foo = <\n/script> ',
self._run_check(s, [ '<!-- document.write("</scr" + "ipt>"); -->',
("starttag", "script", []), ('\n//<![CDATA[\n'
("data", " <not a='start tag'> "), 'document.write(\'<s\'+\'cript type="text/javascript" '
("endtag", "script"), 'src="http://www.example.org/r=\'+new '
]) 'Date().getTime()+\'"><\\/s\'+\'cript>\');\n//]]>'),
'\n<!-- //\nvar foo = 3.14;\n// -->\n',
'foo = "</sty" + "le>";',
'<!-- \u2603 -->',
# these two should be invalid according to the HTML 5 spec,
# section 8.1.2.2
#'foo = </\nscript>',
#'foo = </ script>',
]
elements = ['script', 'style', 'SCRIPT', 'STYLE', 'Script', 'Style']
for content in contents:
for element in elements:
element_lower = element.lower()
s = '<{element}>{content}</{element}>'.format(element=element,
content=content)
self._run_check(s, [("starttag", element_lower, []),
("data", content),
("endtag", element_lower)])
def test_entityrefs_in_attributes(self): def test_entityrefs_in_attributes(self):
self._run_check("<html foo='&euro;&amp;&#97;&#x61;&unsupported;'>", [ self._run_check("<html foo='&euro;&amp;&#97;&#x61;&unsupported;'>", [
......
...@@ -66,10 +66,13 @@ Core and Builtins ...@@ -66,10 +66,13 @@ Core and Builtins
Library Library
------- -------
- Issue 10817: Fix urlretrieve function to raise ContentTooShortError even - Issue #670664: Fix HTMLParser to correctly handle the content of
``<script>...</script>`` and ``<style>...</style>``.
- Issue #10817: Fix urlretrieve function to raise ContentTooShortError even
when reporthook is None. Patch by Jyrki Pulliainen. when reporthook is None. Patch by Jyrki Pulliainen.
- Issue 13296: Fix IDLE to clear compile __future__ flags on shell restart. - Issue #13296: Fix IDLE to clear compile __future__ flags on shell restart.
(Patch by Roger Serwy) (Patch by Roger Serwy)
- Issue #13293: Better error message when trying to marshal bytes using - Issue #13293: Better error message when trying to marshal bytes using
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment