This is an archive of the discontinued Mercurial Phabricator instance.

Differential D965

templatefilters: be sure we always feed cgi.escape a str
ClosedPublic

Authored by durin42 on Oct 5 2017, 5:31 PM.

Details

Reviewers
pulkit
indygreg
yuja
Group Reviewers
hg-reviewers
Commits
rHG4296bbb19410: templatefilters: be sure we always feed cgi.escape a str
Summary

Diff Detail

Repository
rHG Mercurial
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

durin42 created this revision.Oct 5 2017, 5:31 PM
pulkit accepted this revision.Oct 5 2017, 7:14 PM
pulkit added a subscriber: pulkit.

Checked docs and made sure cgi.escape on Python 3 accepts str only.

indygreg accepted this revision.Oct 6 2017, 9:39 AM
indygreg added a subscriber: indygreg.

Oof. It is really tempting to roll our own function that doesn't require this ugliness. But that can be a follow-up.

This revision is now accepted and ready to land.Oct 6 2017, 9:39 AM
yuja requested changes to this revision.Oct 6 2017, 10:55 AM
yuja added a subscriber: yuja.

sysstr -> sysbytes can't be round-trip if non-ascii characters are involved.

Perhaps we can just vendor cgi.escape() and add b'' to every string.

This revision now requires changes to proceed.Oct 6 2017, 10:55 AM
Closed by commit rHG4296bbb19410: templatefilters: be sure we always feed cgi.escape a str (authored by durin42). · Explain WhyOct 8 2017, 4:37 AM
This revision was automatically updated to reflect the committed changes.
indygreg added a comment.Oct 8 2017, 4:40 AM

Bleh. I missed yuya's comment before doing a delayed push. Feel free to drop this from hg-committed or address as a follow-up.

durin42 added a comment.Oct 8 2017, 9:25 AM

I also popped D964 out of the stack until I can address review feedback. :)

Revision Contents
Changeset List

PathPackages
Mmercurial/templatefilters.py (3 lines)

Diff 2527

mercurial/templatefilters.py

""" """
return util.email(text) return util.email(text)
@templatefilter('escape') @templatefilter('escape')
def escape(text): def escape(text):
"""Any text. Replaces the special XML/XHTML characters "&", "<" """Any text. Replaces the special XML/XHTML characters "&", "<"
and ">" with XML entities, and filters out NUL characters. and ">" with XML entities, and filters out NUL characters.
""" """
return cgi.escape(text.replace('\0', ''), True) return pycompat.sysbytes(
cgi.escape(pycompat.sysstr(text.replace('\0', '')), True))
para_re = None para_re = None
space_re = None space_re = None
def fill(text, width, initindent='', hangindent=''): def fill(text, width, initindent='', hangindent=''):
'''fill many paragraphs with optional indentation.''' '''fill many paragraphs with optional indentation.'''
global para_re, space_re global para_re, space_re
if para_re is None: if para_re is None: