| msg122933 - (view) |
Author: Thomas Ryan (Thomas.Ryan) |
Date: 2010-11-30 19:37 |
| In 3.1.3, 3.1.2, maybe earlier... xml.sax.parseString(string, handler, error_handler=handler.ErrorHandler()) Source code requires bytes, not a string as implied by function name and by the documentation. Exception thrown for strings. Since the name includes "string" the source should probably be fixed. Or at least update the documentation. Someday replace/augment parseString() with parseBytes()? |
|
|
| msg180045 - (view) |
Author: Serhiy Storchaka (serhiy.storchaka) *  |
Date: 2013-01-15 19:55 |
| Indeed, xml.dom.minidom.parseString() and xml.etree.ElementTree.fromstring() accepts both bytes and strings, xml.dom.minidom.parse(), xml.etree.ElementTree.parse() and even xml.sax.parse() accepts both byte and text streams. Only xml.sax.parseString() rejects strings in contrast to its name. This looks as 2 to 3 porting bug. |
|
|
| msg180141 - (view) |
Author: Serhiy Storchaka (serhiy.storchaka) * |
Date: 2013-01-17 16:50 |
| Here is a patch which fixes this issue and a couple of related issues: , , , . |
|
|
| msg183408 - (view) |
Author: Eli Bendersky (eli.bendersky) * |
Date: 2013-03-03 22:26 |
| I'm not very knowledgeable in other XML modules, but I hate to see this patch linger. Also it's a pre-requisite for #16986, it seems. Serhiy, since the patch is large could you give a short summary of the things it fixes? Note that the best approach IMHO is to submit and push minimal patches that fix specific issues and not lump several fixes together, unless it doesn't make sense to separate them. |
|
|
| msg183409 - (view) |
Author: Christian Heimes (christian.heimes) * |
Date: 2013-03-03 22:43 |
| Please hold of any modifications of XML code until we have decided how we are going to fix the XML exploits. Also I think this is a new feature and not a fix. parseString() is documented as 'parses from a buffer string'. It doesn't say that it can parse text. |
|
|
| msg183455 - (view) |
Author: Serhiy Storchaka (serhiy.storchaka) * |
Date: 2013-03-04 14:04 |
| Low-level part already extracted to and committed. Issue16986 has a similar patch for cElementTree. The main part of path was moved to which is now pre-requisite for and for this issue. It contains additional tests and additional fixes. It is hard and little sense to split them on separated patches. Let's move the discussion to . And then the patch for this issue will be small and simple, only several lines and one test. At least this issue is less important and actually can be considered as a new feature. |
|
|
| msg183457 - (view) |
Author: Eli Bendersky (eli.bendersky) * |
Date: 2013-03-04 14:18 |
| Serhiy, OK - I'll look at #2175 first. But yes, Christian is right, let's wait for the security issues to be resolved first. |
|
|
| msg231781 - (view) |
Author: Serhiy Storchaka (serhiy.storchaka) * |
Date: 2014-11-27 20:59 |
| There was no significant motion in the direction of fixing XML security issues. May be resolve first? |
|
|
| msg239945 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2015-04-02 20:22 |
| New changeset 3ac1b21fbb42 by Serhiy Storchaka in branch '2.7': Issue #10590: Added tests for xml.sax.parse() and xml.sax.parseString(). https://hg.python.org/cpython/rev/3ac1b21fbb42 New changeset ca8666310eb3 by Serhiy Storchaka in branch '3.4': Issue #10590: Added tests for xml.sax.parse() and xml.sax.parseString(). https://hg.python.org/cpython/rev/ca8666310eb3 New changeset 846c165cf643 by Serhiy Storchaka in branch 'default': Issue #10590: Added tests for xml.sax.parse() and xml.sax.parseString(). https://hg.python.org/cpython/rev/846c165cf643 |
|
|
| msg239946 - (view) |
Author: Serhiy Storchaka (serhiy.storchaka) * |
Date: 2015-04-02 20:25 |
| After resolving and committing tests that works with current code, only minimum of changes are left. Here is a patch that adds support of string argument in xml.sax.parseString(). |
|
|
| msg240048 - (view) |
Author: Roundup Robot (python-dev) |
Date: 2015-04-04 07:14 |
| New changeset fca669149d8a by Serhiy Storchaka in branch 'default': Issue #10590: xml.sax.parseString() now supports string argument. https://hg.python.org/cpython/rev/fca669149d8a |
|
|