New submission from John Burnett <[email protected]>:
The _serialize_xml function in ElementTree.py doesn't escape Comment.text
values when writing output. This means the following code:
import sys
import xml.etree.ElementTree
elem = xml.etree.ElementTree.Comment()
elem.text = 'hi --> bye'
tree = xml.etree.ElementTree.ElementTree(elem)
tree.write(sys.stdout)
...will output the following invalid xml:
<!--hi --> bye-->
In Python 3.7, changing the _serialize_xml function on line 903/904 from this:
if tag is Comment:
write("<!--%s-->" % text)
...to this:
if tag is Comment:
write("<!--%s-->" % _escape_cdata(text))
...writes something more expected:
<!--hi --> bye-->
----------
components: XML
messages: 315428
nosy: eli.bendersky, johnburnett, scoder
priority: normal
severity: normal
status: open
title: ElementTree Comment text isn't escaped
type: behavior
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue33303>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
