[Checkins] SVN: zope.error/trunk/ - Added explicit tests for escaping introduced in 3.7.3.
Michael Howitz
mh at gocept.com
Wed Feb 1 14:27:39 UTC 2012
Log message for revision 124272:
- Added explicit tests for escaping introduced in 3.7.3.
- Handling names of classes whose string representation cannot
be determined as untrusted input, thus escaping them in error reports.
Changed:
U zope.error/trunk/CHANGES.txt
U zope.error/trunk/src/zope/error/error.py
U zope.error/trunk/src/zope/error/tests.py
-=-
Modified: zope.error/trunk/CHANGES.txt
===================================================================
--- zope.error/trunk/CHANGES.txt 2012-02-01 14:23:44 UTC (rev 124271)
+++ zope.error/trunk/CHANGES.txt 2012-02-01 14:27:38 UTC (rev 124272)
@@ -5,7 +5,10 @@
3.7.4 (unreleased)
------------------
+- Added explicit tests for escaping introduced in 3.7.3.
+- Handing names of classes those string representation cannot
+ be determined as untrusted input thus escaping them in error reports.
- Fixed tests on Python 2.4 and 2.5.
Modified: zope.error/trunk/src/zope/error/error.py
===================================================================
--- zope.error/trunk/src/zope/error/error.py 2012-02-01 14:23:44 UTC (rev 124271)
+++ zope.error/trunk/src/zope/error/error.py 2012-02-01 14:27:38 UTC (rev 124272)
@@ -71,7 +71,8 @@
logger.exception(
"Error in ErrorReportingUtility while getting a str"
" representation of an object")
- return u"<unprintable %s object>" % type(value).__name__
+ return u"<unprintable %s object>" % (
+ xml_escape(type(value).__name__))
value = unicode(value, errors="zope.error.printedreplace")
return xml_escape(value)
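Review bot: The fallback return escapes only the class name and still wraps it in a literal `<unprintable ... object>`, so this branch returns raw angle brackets while the final `return xml_escape(value)` returns fully escaped text. A report template that inserts the result as already-escaped markup would treat the placeholder as an unknown tag and hide it, and one that escapes again would double-escape the name. If the intended contract is "always escaped", escape the whole placeholder instead: `return xml_escape(u"<unprintable %s object>" % type(value).__name__)`. The enclosing function starts outside the hunk and this archive page may have decoded entities, so confirm against the file before changing it.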
Modified: zope.error/trunk/src/zope/error/tests.py
===================================================================
--- zope.error/trunk/src/zope/error/tests.py 2012-02-01 14:23:44 UTC (rev 124271)
+++ zope.error/trunk/src/zope/error/tests.py 2012-02-01 14:27:38 UTC (rev 124272)
@@ -141,4 +141,40 @@
self.assertEquals(username, r"unauthenticated, \xe1, \xe1, \xe1")
+class GetPrintableTests(unittest.TestCase):
+ """Testing .error.getPrintable(value)"""
+ def getPrintable(self, value):
+ from zope.error.error import getPrintable
+ return getPrintable(value)
+
+ def test_xml_tags_get_escaped(self):
+ self.assertEqual(u'<script>', self.getPrintable(u'<script>'))
+
+ def test_str_values_get_converted_to_unicode(self):
+ self.assertEqual(u'\\u0441', self.getPrintable('\u0441'))
+ self.assertTrue(isinstance(self.getPrintable('\u0441'), unicode))
+
+ def test_non_str_values_get_converted_using_a_str_call(self):
+ class NonStr(object):
+ def __str__(self):
+ return 'non-str'
+ self.assertEqual(u'non-str', self.getPrintable(NonStr()))
+ self.assertTrue(isinstance(self.getPrintable(NonStr()), unicode))
+
+ def test_non_str_those_conversion_fails_are_returned_specially(self):
+ class NonStr(object):
+ def __str__(self):
+ raise ValueError('non-str')
+ self.assertEqual(
+ u'<unprintable NonStr object>', self.getPrintable(NonStr()))
+ self.assertTrue(isinstance(self.getPrintable(NonStr()), unicode))
+
+ def test_non_str_those_conversion_fails_are_returned_with_escaped_name(
+ self):
+ class NonStr(object):
+ def __str__(self):
+ raise ValueError('non-str')
+ NonStr.__name__ = '<script>'
+ self.assertEqual(u'<unprintable <script> object>',
+ self.getPrintable(NonStr()))
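Review bot: `test_str_values_get_converted_to_unicode` passes `'\u0441'`, which in a Python 2 byte string is six ASCII characters, so the test never sends a non-ASCII byte through the `errors="zope.error.printedreplace"` decode in error.py. A case with a real high byte, for example `self.getPrintable('\xe1')`, would cover the path where attacker-influenced bytes actually reach the error handler; take the expected value from that handler's behaviour. The escaping test also covers only a unicode input, so a `str` input containing markup and an `&` would pin down the str-to-unicode-to-escape order. As rendered on this page the expected strings in `test_xml_tags_get_escaped` and the escaped-name test look identical to the unescaped input, which is probably entity decoding by the archive, but it is worth checking in the repository.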