55 lines
2.1 KiB
Diff
55 lines
2.1 KiB
Diff
diff --git a/Lib/test/test_docxmlrpc.py b/Lib/test/test_docxmlrpc.py
|
|
index 0090333..d2adb21 100644
|
|
--- a/Lib/test/test_docxmlrpc.py
|
|
+++ b/Lib/test/test_docxmlrpc.py
|
|
@@ -1,5 +1,6 @@
|
|
from xmlrpc.server import DocXMLRPCServer
|
|
import http.client
|
|
+import re
|
|
import sys
|
|
from test import support
|
|
threading = support.import_module('threading')
|
|
@@ -193,6 +194,21 @@ class DocXMLRPCHTTPGETServer(unittest.TestCase):
|
|
b'method_annotation</strong></a>(x: bytes)</dt></dl>'),
|
|
response.read())
|
|
|
|
+ def test_server_title_escape(self):
|
|
+ # bpo-38243: Ensure that the server title and documentation
|
|
+ # are escaped for HTML.
|
|
+ self.serv.set_server_title('test_title<script>')
|
|
+ self.serv.set_server_documentation('test_documentation<script>')
|
|
+ self.assertEqual('test_title<script>', self.serv.server_title)
|
|
+ self.assertEqual('test_documentation<script>',
|
|
+ self.serv.server_documentation)
|
|
+
|
|
+ generated = self.serv.generate_html_documentation()
|
|
+ title = re.search(r'<title>(.+?)</title>', generated).group()
|
|
+ documentation = re.search(r'<p><tt>(.+?)</tt></p>', generated).group()
|
|
+ self.assertEqual('<title>Python: test_title<script></title>', title)
|
|
+ self.assertEqual('<p><tt>test_documentation<script></tt></p>', documentation)
|
|
+
|
|
|
|
if __name__ == '__main__':
|
|
unittest.main()
|
|
diff --git a/Lib/xmlrpc/server.py b/Lib/xmlrpc/server.py
|
|
index 3e0dca0..efe5937 100644
|
|
--- a/Lib/xmlrpc/server.py
|
|
+++ b/Lib/xmlrpc/server.py
|
|
@@ -106,6 +106,7 @@ server.handle_request()
|
|
|
|
from xmlrpc.client import Fault, dumps, loads, gzip_encode, gzip_decode
|
|
from http.server import BaseHTTPRequestHandler
|
|
+import html
|
|
import http.server
|
|
import socketserver
|
|
import sys
|
|
@@ -904,7 +905,7 @@ class XMLRPCDocGenerator:
|
|
methods
|
|
)
|
|
|
|
- return documenter.page(self.server_title, documentation)
|
|
+ return documenter.page(html.escape(self.server_title), documentation)
|
|
|
|
class DocXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
|
|
"""XML-RPC and documentation request handler class.
|