diff options
| -rw-r--r-- | dev-python/dugong/dugong-3.7.ebuild | 6 | ||||
| -rw-r--r-- | dev-python/dugong/files/dugong-3.7-test-html-escape.patch | 46 |
2 files changed, 51 insertions, 1 deletions
diff --git a/dev-python/dugong/dugong-3.7.ebuild b/dev-python/dugong/dugong-3.7.ebuild index 105c42266bd..326f69c1fc6 100644 --- a/dev-python/dugong/dugong-3.7.ebuild +++ b/dev-python/dugong/dugong-3.7.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=6 -PYTHON_COMPAT=( python3_{4,5} ) +PYTHON_COMPAT=( python3_{4,5,6} ) inherit distutils-r1 @@ -21,6 +21,10 @@ DEPEND="dev-python/setuptools[${PYTHON_USEDEP}] dev-python/pytest-catchlog[${PYTHON_USEDEP}] )" +PATCHES=( + "${FILESDIR}"/${P}-test-html-escape.patch +) + python_test() { py.test -v || die "Tests failed under ${EPYTHON}" } diff --git a/dev-python/dugong/files/dugong-3.7-test-html-escape.patch b/dev-python/dugong/files/dugong-3.7-test-html-escape.patch new file mode 100644 index 00000000000..ba2ee587d0c --- /dev/null +++ b/dev-python/dugong/files/dugong-3.7-test-html-escape.patch @@ -0,0 +1,46 @@ +# HG changeset patch +# User Zac Medico <zmedico@gentoo.org> +# Date 1494468556 25200 +# Branch test-quote-html +# Node ID b8a28438442ec12cd4067fd3240d9afc8e6998da +# Parent a986296769f3fc4daa0f29fe28b857f43d05634d +Use html.escape for python3.6 compat + +https://bitbucket.org/nikratio/python-dugong/pull-requests/3 + +diff --git a/test/test_dugong.py b/test/test_dugong.py +--- a/test/test_dugong.py ++++ b/test/test_dugong.py +@@ -24,7 +24,7 @@ + from dugong import (HTTPConnection, BodyFollowing, CaseInsensitiveDict, _join, + ConnectionClosed) + import dugong +-from http.server import BaseHTTPRequestHandler, _quote_html ++from http.server import BaseHTTPRequestHandler + from io import TextIOWrapper + from base64 import b64encode + import http.client +@@ -34,6 +34,7 @@ + import ssl + import re + import os ++import html + import hashlib + import threading + import socketserver +@@ -1163,9 +1164,12 @@ + message = shortmsg + explain = longmsg + self.log_error("code %d, message %s", code, message) +- # using _quote_html to prevent Cross Site Scripting attacks (see bug #1100201) +- content = (self.error_message_format % {'code': code, 'message': _quote_html(message), +- 'explain': explain}).encode('utf-8', 'replace') ++ # HTML encode to prevent Cross Site Scripting attacks (see bug #1100201) ++ content = (self.error_message_format % { ++ 'code': code, ++ 'message': html.escape(message, quote=False), ++ 'explain': explain ++ }).encode('utf-8', 'replace') + self.send_response(code, message) + self.send_header("Content-Type", self.error_content_type) + self.send_header("Content-Length", str(len(content))) |