author | Adriano Peluso <catonano@gmail.com> | 2017-04-05 15:29:56 +0200 |
---|---|---|
committer | Arun Isaac <arunisaac@systemreboot.net> | 2017-05-27 18:41:12 +0530 |
commit | b208f71b9b3540be9ae2b17b17b506a3526597b8 (patch) | |
tree | ca284e361d385ef3f93742fd3cac702a86227331 /gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch | |
parent | ad2ef260738982aa3493f1c54aa06aad8a827eea (diff) | |
gnu: Add python-genshi.
* gnu/packages/python.scm (python-genshi, python2-genshi): New variables.
* gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch: New file.
* gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch: New file.
* gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch: New file.
* gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch: New file.
* gnu/packages/patches/python-genshi-isstring-helper.patch: New file.
* gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add them.
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
Diffstat (limited to 'gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch')
-rw-r--r-- | gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch b/gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch
new file mode 100644
index 0000000000..29951a6149
--- /dev/null
+++ b/gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch
@@ -0,0 +1,51 @@
+From 0769be04c3891ae5c724c6779ba13d1d0f53b4ae Mon Sep 17 00:00:00 2001
+From: Simon Cross <hodgestar@gmail.com>
+Date: Sun, 16 Feb 2014 18:25:17 +0000
+Subject: [PATCH 01/15] Also allow stripping of unsafe script tags (Python 3.4
+ parses the second example as a tag whose name is script&xyz).
+
+---
+ genshi/filters/tests/test_html.py | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/genshi/filters/tests/test_html.py b/genshi/filters/tests/test_html.py
+index 0c6cfe1..45ec0da 100644
+--- a/genshi/filters/tests/test_html.py
++++ b/genshi/filters/tests/test_html.py
+@@ -368,12 +368,16 @@ def StyleSanitizer():
+
+ class HTMLSanitizerTestCase(unittest.TestCase):
+
+- def assert_parse_error_or_equal(self, expected, exploit):
++ def assert_parse_error_or_equal(self, expected, exploit,
++ allow_strip=False):
+ try:
+ html = HTML(exploit)
+ except ParseError:
+ return
+- self.assertEquals(expected, (html | HTMLSanitizer()).render())
++ sanitized_html = (html | HTMLSanitizer()).render()
++ if not sanitized_html and allow_strip:
++ return
++ self.assertEquals(expected, sanitized_html)
+
+ def test_sanitize_unchanged(self):
+ html = HTML(u'<a href="#">fo<br />o</a>')
+@@ -416,10 +420,12 @@ class HTMLSanitizerTestCase(unittest.TestCase):
+ html = HTML(u'<SCRIPT SRC="http://example.com/"></SCRIPT>')
+ self.assertEquals('', (html | HTMLSanitizer()).render())
+ src = u'<SCR\0IPT>alert("foo")</SCR\0IPT>'
+- self.assert_parse_error_or_equal('<SCR\x00IPT>alert("foo")', src)
++ self.assert_parse_error_or_equal('<SCR\x00IPT>alert("foo")', src,
++ allow_strip=True)
+ src = u'<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>'
+ self.assert_parse_error_or_equal('<SCRIPT&XYZ; '
+- 'SRC="http://example.com/">', src)
++ 'SRC="http://example.com/">', src,
++ allow_strip=True)
+
+ def test_sanitize_remove_onclick_attr(self):
+ html = HTML(u'<div onclick=\'alert("foo")\' />')
+--
+2.12.0
+ |
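Review bot: The added patch file carries no note that it is test-only, while its file name (`python-genshi-stripping-of-unsafe-script-tags.patch`) reads like a fix to the sanitizer. Its embedded diffstat lists only `genshi/filters/tests/test_html.py`, and the change there is the `allow_strip` parameter on `assert_parse_error_or_equal`, so `HTMLSanitizer` itself appears to be unchanged by this file. I would add a short line above the `From 0769be04…` header, for example `Test-only: accept an empty (fully stripped) result from HTMLSanitizer on Python 3.4+; the sanitizer code is not modified.`, so that someone auditing the package's XSS handling does not count this as hardening. It is also worth recording there where the patch was taken from, which the visible header does not state.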