[Zope3-checkins] CVS: Zope3/lib/python/Zope/TAL - TALDefs.py:1.32 TALGenerator.py:1.61 TALParser.py:1.22

Godefroid Chapelle gotcha@swing.be
Tue, 17 Dec 2002 05:21:00 -0500 

Update of /cvs-repository/Zope3/lib/python/Zope/TAL
In directory cvs.zope.org:/tmp/cvs-serv30689

Modified Files:
	TALDefs.py TALGenerator.py TALParser.py 
Log Message:
port of fixes for #451 #468 #721 from Zope 2 collector


=== Zope3/lib/python/Zope/TAL/TALDefs.py 1.31 => 1.32 ===
--- Zope3/lib/python/Zope/TAL/TALDefs.py:1.31	Mon Jun 17 20:13:32 2002
+++ Zope3/lib/python/Zope/TAL/TALDefs.py	Tue Dec 17 05:20:30 2002
@@ -119,6 +119,7 @@
         if not m:
             raise TALError("Bad syntax in attributes:" + `part`)
         name, expr = m.group(1, 2)
+        name = name.lower()
         if dict.has_key(name):
             raise TALError("Duplicate attribute name in attributes:" + `part`)
         dict[name] = expr
@@ -163,6 +164,27 @@
         if opcode == "version":
             return version
     return None
+
+import re
+_ent1_re = re.compile('&(?![A-Z#])', re.I)
+_entch_re = re.compile('&([A-Z][A-Z0-9]*)(?![A-Z0-9;])', re.I)
+_entn1_re = re.compile('&#(?![0-9X])', re.I)
+_entnx_re = re.compile('&(#X[A-F0-9]*)(?![A-F0-9;])', re.I)
+_entnd_re = re.compile('&(#[0-9][0-9]*)(?![0-9;])')
+del re
+ 
+def attrEscape(s):
+    """Replace special characters '&<>' by character entities,
+    except when '&' already begins a syntactically valid entity."""
+    s = _ent1_re.sub('&amp;', s)
+    s = _entch_re.sub(r'&amp;\1', s)
+    s = _entn1_re.sub('&amp;#', s)
+    s = _entnx_re.sub(r'&amp;\1', s)
+    s = _entnd_re.sub(r'&amp;\1', s)
+    s = s.replace('<', '&lt;')
+    s = s.replace('>', '&gt;')
+    s = s.replace('"', '&quot;')
+    return s
 
 import cgi
 def quote(s, escape=cgi.escape):


=== Zope3/lib/python/Zope/TAL/TALGenerator.py 1.60 => 1.61 ===
--- Zope3/lib/python/Zope/TAL/TALGenerator.py:1.60	Thu Sep  5 16:52:09 2002
+++ Zope3/lib/python/Zope/TAL/TALGenerator.py	Tue Dec 17 05:20:30 2002
@@ -162,7 +162,7 @@
                 if item[1] is None:
                     s = item[0]
                 else:
-                    s = "%s=%s" % (item[0], TALDefs.quote(item[1]))
+                    s = '%s="%s"' % (item[0], TALDefs.attrEscape(item[1]))
                 attrlist[i] = item[0], s
                 new.append(" " + s)
         # if no non-optimizable attributes were found, convert to plain text


=== Zope3/lib/python/Zope/TAL/TALParser.py 1.21 => 1.22 ===
--- Zope3/lib/python/Zope/TAL/TALParser.py:1.21	Thu Sep  5 16:52:09 2002
+++ Zope3/lib/python/Zope/TAL/TALParser.py	Tue Dec 17 05:20:30 2002
@@ -72,7 +72,7 @@
         for key, value in attrlist:
             key, keybase, keyns = self.fixname(key)
             ns = keyns or namens # default to tag namespace
-            item = key, value
+            item = key.lower(), value
             if ns == 'metal':
                 metaldict[keybase] = value
                 item = item + ("metal",)