[Zope-Checkins] CVS: Releases/Zope/lib/python/TAL - TALDefs.py:1.32 TALGenerator.py:1.59

Evan Simpson evan@zope.com
Mon, 16 Dec 2002 17:52:12 -0500


Update of /cvs-repository/Releases/Zope/lib/python/TAL
In directory cvs.zope.org:/tmp/cvs-serv20795

Modified Files:
	TALDefs.py TALGenerator.py 
Log Message:
Fix Collector #721 by preserving syntactically valid character entities in attributes.


=== Releases/Zope/lib/python/TAL/TALDefs.py 1.31 => 1.32 ===
--- Releases/Zope/lib/python/TAL/TALDefs.py:1.31	Mon Oct 28 15:43:10 2002
+++ Releases/Zope/lib/python/TAL/TALDefs.py	Mon Dec 16 17:52:11 2002
@@ -164,3 +164,24 @@
         if opcode == "version":
             return version
     return None
+
+import re
+_ent1_re = re.compile('&(?![A-Z#])', re.I)
+_entch_re = re.compile('&([A-Z][A-Z0-9]*)(?![A-Z0-9;])', re.I)
+_entn1_re = re.compile('&#(?![0-9X])', re.I)
+_entnx_re = re.compile('&(#X[A-F0-9]*)(?![A-F0-9;])', re.I)
+_entnd_re = re.compile('&(#[0-9][0-9]*)(?![0-9;])')
+del re
+
+def attrEscape(s):
+    """Replace special characters '&<>' by character entities,
+    except when '&' already begins a syntactically valid entity."""
+    s = _ent1_re.sub('&amp;', s)
+    s = _entch_re.sub(r'&amp;\1', s)
+    s = _entn1_re.sub('&amp;#', s)
+    s = _entnx_re.sub(r'&amp;\1', s)
+    s = _entnd_re.sub(r'&amp;\1', s)
+    s = s.replace('<', '&lt;')
+    s = s.replace('>', '&gt;')
+    s = s.replace('"', '&quot;')
+    return s
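Review bot: The docstring of `attrEscape` names only '&<>' and does not state the contract that matters to callers: any `&name;` or `&#NNN;` sequence already present in `s` is passed through, so the value a browser decodes can differ from the string passed in. That suits template-authored attribute text, which is what the TALGenerator call site appears to pass, but the docstring should say so, so the helper is not reused for request-derived values where `cgi.escape(s, 1)` behaviour is expected. I would also document that `"` is replaced and `'` is not (the result is only suitable inside a double-quoted attribute), and that references are kept on syntax alone without checking that the name is defined. Separately, `_entnx_re` uses `[A-F0-9]*`, so a digit-less `&#x;` is left unescaped while `&;` and `&#;` are escaped. `_entnx_re = re.compile('&(#X(?:[A-F0-9]+(?![A-F0-9;])|(?![A-F0-9])))', re.I)` would close that gap.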


=== Releases/Zope/lib/python/TAL/TALGenerator.py 1.58 => 1.59 ===
--- Releases/Zope/lib/python/TAL/TALGenerator.py:1.58	Tue Oct  1 11:52:56 2002
+++ Releases/Zope/lib/python/TAL/TALGenerator.py	Mon Dec 16 17:52:11 2002
@@ -162,7 +162,7 @@
                 if item[1] is None:
                     s = item[0]
                 else:
-                    s = '%s="%s"' % (item[0], cgi.escape(item[1], 1))
+                    s = '%s="%s"' % (item[0], TALDefs.attrEscape(item[1]))
                 attrlist[i] = item[0], s
                 new.append(" " + s)
         # if no non-optimizable attributes were found, convert to plain text
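Review bot: Only this call site moves to `TALDefs.attrEscape`, so escaping may now be inconsistent between code paths. This hunk does not show whether other code that serialises attribute values (for example at interpretation time) still uses `cgi.escape(..., 1)`; if it does, the same attribute text would be escaped differently depending on the path taken. A short comment on the changed line would record why the escaping differs here, for example `# keep entities the template author already wrote (Collector #721)`. The line also relies on `TALDefs` being bound as a module name in this file, which the hunk does not show, and the enclosing function starts and ends outside the hunk.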