[CMF-checkins] SVN: CMF/trunk/GenericSetup/ Do proper quoting in XML export.

Florent Guillaume fg at nuxeo.com
Wed Dec 28 19:02:43 EST 2005 

Log message for revision 41048:
  Do proper quoting in XML export.

Changed:
  U   CMF/trunk/GenericSetup/tests/test_utils.py
  U   CMF/trunk/GenericSetup/utils.py

-=-
Modified: CMF/trunk/GenericSetup/tests/test_utils.py
===================================================================
--- CMF/trunk/GenericSetup/tests/test_utils.py	2005-12-28 19:29:29 UTC (rev 41047)
+++ CMF/trunk/GenericSetup/tests/test_utils.py	2005-12-29 00:02:42 UTC (rev 41048)
@@ -281,6 +281,27 @@
         self.assertEqual(doc.toprettyxml(' '), _EMPTY_PROPERTY_EXPORT)
 
 
+class PrettyDocumentTests(unittest.TestCase):
+
+    def test_attr_quoting(self):
+        doc = PrettyDocument()
+        node = doc.createElement('doc')
+        node.setAttribute('foo', 'baz <bar>&"'+"'")
+        doc.appendChild(node)
+        self.assertEqual(doc.toprettyxml(' '),
+                         '<?xml version="1.0"?>\n'
+                         '<doc foo="baz &lt;bar&gt;&amp;&quot;'+"'"+'"/>\n')
+
+    def test_text_quoting(self):
+        doc = PrettyDocument()
+        node = doc.createElement('doc')
+        child = doc.createTextNode('goo <hmm>&"'+"'")
+        node.appendChild(child)
+        doc.appendChild(node)
+        self.assertEqual(doc.toprettyxml(' '),
+                         '<?xml version="1.0"?>\n'
+                         '<doc>goo &lt;hmm&gt;&amp;"'+"'</doc>\n")
+
 def test_suite():
     # reimport to make sure tests are run from Products
     from Products.GenericSetup.tests.test_utils import UtilsTests
@@ -288,6 +309,7 @@
     return unittest.TestSuite((
         unittest.makeSuite(UtilsTests),
         unittest.makeSuite(PropertyManagerHelpersTests),
+        unittest.makeSuite(PrettyDocumentTests),
         ))
 
 if __name__ == '__main__':

Modified: CMF/trunk/GenericSetup/utils.py
===================================================================
--- CMF/trunk/GenericSetup/utils.py	2005-12-28 19:29:29 UTC (rev 41047)
+++ CMF/trunk/GenericSetup/utils.py	2005-12-29 00:02:42 UTC (rev 41048)
@@ -35,6 +35,7 @@
 except:
     #BBB: for Zope 2.8
     from Products.Five.bbb.OFS_interfaces import IOrderedContainer
+from cgi import escape
 from TAL.TALDefs import attrEscape
 from zope.app import zapi
 from zope.interface import implements
@@ -367,7 +368,8 @@
             wrapper.queue('>')
             for node in self.childNodes:
                 if node.nodeType == Node.TEXT_NODE:
-                    textlines = node.data.splitlines()
+                    data = escape(node.data)
+                    textlines = data.splitlines()
                     if textlines:
                         wrapper.queue(textlines.pop(0))
                     if textlines:
@@ -498,8 +500,15 @@
     def _importBody(self, body):
         """Import the object from the file body.
         """
-        self._importNode(parseString(body).documentElement)
+        from xml.parsers.expat import ExpatError
+        try:
+            node = parseString(body)
+        except ExpatError:
+            print 'error in', body
+            raise
 
+        self._importNode(node.documentElement)
+
     body = property(_exportBody, _importBody)
 
     mime_type = 'text/xml'

More information about the CMF-checkins mailing list