[Pkg-mozext-commits] [adblock-plus] 261/464: Locale parsing: Better escaping of data in DTD files

David Prévot taffit at moszumanska.debian.org
Tue Jul 22 20:44:23 UTC 2014


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository adblock-plus.

commit 906b67da99a123dbd5702d6c8f9ef0fd644f3a9b
Author: Wladimir Palant <trev at adblockplus.org>
Date:   Wed Jul 4 15:47:08 2012 +0200

    Locale parsing: Better escaping of data in DTD files
---
 localeTools.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/localeTools.py b/localeTools.py
index adcc714..5048dee 100644
--- a/localeTools.py
+++ b/localeTools.py
@@ -4,7 +4,7 @@
 # version 2.0 (the "License"). You can obtain a copy of the License at
 # http://mozilla.org/MPL/2.0/.
 
-import re, sys, codecs, cgi, json
+import re, sys, codecs, json
 from StringIO import StringIO
 from ConfigParser import SafeConfigParser
 from xml.parsers.expat import ParserCreate, XML_PARAM_ENTITY_PARSING_ALWAYS
@@ -22,6 +22,12 @@ class OrderedDict(dict):
         yield (key, self[key])
         done.add(key)
 
+def escapeEntity(value):
+  return value.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"')
+
+def unescapeEntity(value):
+  return value.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"')
+
 def parseDTDString(data, path):
   result = []
   currentComment = [None]
@@ -39,7 +45,7 @@ def parseDTDString(data, path):
     currentComment[0] = data.strip()
 
   def EntityDeclHandler(entityName, is_parameter_entity, value, base, systemId, publicId, notationName):
-    result.append((entityName, currentComment[0], value))
+    result.append((unescapeEntity(entityName), currentComment[0], unescapeEntity(value.strip())))
     currentComment[0] = None
 
   parser.ExternalEntityRefHandler = ExternalEntityRefHandler
@@ -84,7 +90,7 @@ def readFile(path):
 
 def generateStringEntry(key, value, path):
   if path.endswith('.dtd'):
-    return '<!ENTITY %s "%s">\n' % (cgi.escape(key, True), cgi.escape(value, True))
+    return '<!ENTITY %s "%s">\n' % (escapeEntity(key), escapeEntity(value))
   else:
     return '%s=%s\n' % (key, value)
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/adblock-plus.git



More information about the Pkg-mozext-commits mailing list