New submission from John Burnett <pyt...@johnburnett.com>:

The _serialize_xml function in ElementTree.py doesn't escape Comment.text 
values when writing output.  This means the following code:

    import sys
    import xml.etree.ElementTree
    elem = xml.etree.ElementTree.Comment()
    elem.text = 'hi --> bye'
    tree = xml.etree.ElementTree.ElementTree(elem)
    tree.write(sys.stdout)

...will output the following invalid XML:

    <!--hi --> bye-->

In Python 3.7, changing the _serialize_xml function on line 903/904 from this:

    if tag is Comment:
        write("<!--%s-->" % text)

...to this:

    if tag is Comment:
        write("<!--%s-->" % _escape_cdata(text))

...writes something more expected:

    <!--hi --&gt; bye-->

----------
components: XML
messages: 315428
nosy: eli.bendersky, johnburnett, scoder
priority: normal
severity: normal
status: open
title: ElementTree Comment text isn't escaped
type: behavior
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue33303>
_______________________________________
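
An added example, not part of the original report or of ElementTree itself: a caller-side guard that rejects comment text the XML 1.0 comment grammar forbids, and a round-trip check for what the report's `'hi --> bye'` does when the comment sits inside a document. The names `comment_text_is_valid`, `checked_comment` and `comment_survives_round_trip` are hypothetical, the sample strings are constructed, and `insert_comments` assumes Python 3.8 or later.

```python
import xml.etree.ElementTree as ET


def comment_text_is_valid(text):
    """XML 1.0 comments may not contain "--" or end with "-"."""
    return "--" not in text and not text.endswith("-")


def checked_comment(text):
    """Build a Comment only from text that can be serialized verbatim."""
    if not comment_text_is_valid(text):
        raise ValueError("comment text contains '--' or ends with '-': %r" % text)
    return ET.Comment(text)


def comment_survives_round_trip(text):
    """Serialize <root><!--text--></root>, re-parse it, compare the comment."""
    root = ET.Element("root")
    root.append(ET.Comment(text))  # unchecked, as in the report
    xml = ET.tostring(root, encoding="unicode")
    # Keep comments in the parsed tree so they can be compared.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    try:
        reparsed = ET.fromstring(xml, parser=parser)
    except ET.ParseError:
        return False
    children = list(reparsed)
    return (
        len(children) == 1
        and children[0].tag is ET.Comment
        and children[0].text == text
        and not children[0].tail   # nothing leaked out after the comment
        and not reparsed.text      # nothing leaked out before it
    )


if __name__ == "__main__":
    for sample in ("plain note", "hi --> bye", "a -- b"):  # constructed inputs
        print(repr(sample), comment_text_is_valid(sample),
              comment_survives_round_trip(sample))
```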