diff options
| author | Claude Paroz <claude@2xlibre.net> | 2015-06-19 08:42:48 +0200 |
|---|---|---|
| committer | Claude Paroz <claude@2xlibre.net> | 2015-06-19 20:54:46 +0200 |
| commit | 9368f51e1273c56ca40e396ef5a1aa0aa7c91871 (patch) | |
| tree | a44216aef9afd7996a50e030ce64cf5aa21e6764 /django/utils/xmlutils.py | |
| parent | b769bbd4f6a3cd1bcd9ebf3559ec6ea0f9b50565 (diff) | |
| download | django-9368f51e1273c56ca40e396ef5a1aa0aa7c91871.tar.gz | |
Fixed #20197 -- Made XML serializer fail loudly when outputting unserializable chars
Thanks Tim Graham for the review.
Diffstat (limited to 'django/utils/xmlutils.py')
| -rw-r--r-- | django/utils/xmlutils.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/django/utils/xmlutils.py b/django/utils/xmlutils.py index b3f7e4defb..f1edfb2ac9 100644 --- a/django/utils/xmlutils.py +++ b/django/utils/xmlutils.py @@ -2,9 +2,14 @@ Utilities for XML generation/parsing. """ +import re from xml.sax.saxutils import XMLGenerator +class UnserializableContentError(ValueError): + pass + + class SimplerXMLGenerator(XMLGenerator): def addQuickElement(self, name, contents=None, attrs=None): "Convenience method for adding an element with no children" @@ -14,3 +19,10 @@ class SimplerXMLGenerator(XMLGenerator): if contents is not None: self.characters(contents) self.endElement(name) + + def characters(self, content): + if content and re.search(r'[\x00-\x08\x0B-\x0C\x0E-\x1F]', content): + # Fail loudly when content has control chars (unsupported in XML 1.0) + # See http://www.w3.org/International/questions/qa-controls + raise UnserializableContentError("Control characters are not supported in XML 1.0") + XMLGenerator.characters(self, content) |