author: Mike Bayer <mike_mp@zzzcomputing.com> 2022-09-22 14:52:59 -0400
committer: Mike Bayer <mike_mp@zzzcomputing.com> 2022-09-22 14:58:02 -0400
commit: 0babe1c6acd5b6e19ba9906251763c28b17f3b39 (patch)
tree: c3043f2bc9f41fc8bbe64cb3a500a1f0e29ee741 /doc
parent: c2f392e0be52dc67d1b9770ab8cce6a9c736d547 (diff)
download: mako-0babe1c6acd5b6e19ba9906251763c28b17f3b39.tar.gz
replace "dot" with "set not containing whitespace"
Fixed issue in lexer in the same category as that of :ticket:`366` where the regexp used to match an end tag didn't correctly organize for matching characters surrounded by whitespace, leading to high memory / interpreter hang if a closing tag incorrectly had a large amount of unterminated space in it. Credit to Sebastian Chnelik for locating the issue.

As Mako templates inherently render and directly invoke arbitrary Python code from the template source, it is **never** appropriate to create templates that contain untrusted input.

Fixes: #367
Change-Id: I2f3a8665e92c1b6efcf36b1dba6e58fe0975b7da
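The commit subject and message describe the bug class without showing it: an end-tag regexp used ``.`` where a character set excluding whitespace was needed, so a closing tag followed by a long run of unterminated whitespace made the regex engine do runaway backtracking. The following is an added illustration, not Mako's lexer code and not taken from this commit: the two pattern strings, the ``</%`` tag prefix and the helper names are assumptions chosen to reproduce the same failure shape in plain ``re``, with the ``.``-based pattern beside the hardened one.

```python
import re
import time

# Constructed illustration of the bug class named in the commit message.
# These are NOT Mako's real lexer patterns.  Both try to match an end tag
# shaped like "</%name   >", where whitespace may precede the closing '>'.
#
# Vulnerable form: '.' also accepts whitespace, so on an unterminated tag the
# lazy name group and the greedy '\s*' keep re-partitioning the run of spaces
# between them before the match finally fails.  Work grows quadratically with
# the amount of trailing whitespace.
VULNERABLE_END_TAG = re.compile(r"</%(.+?)\s*>")

# Hardened form (the shape the commit subject describes): the name group is a
# set that excludes whitespace (and '>'), so spaces can never be absorbed into
# the name and an unterminated tag fails at the first space.
HARDENED_END_TAG = re.compile(r"</%([^\s>]+)\s*>")


def end_tag_name(pattern, text):
    """Return the tag name if `text` starts with an end tag, else None."""
    m = pattern.match(text)
    return m.group(1) if m else None


def unterminated_end_tag(padding):
    """Constructed hostile input: a closing tag that is never terminated."""
    return "</%" + " " * padding


def timed_match(pattern, text):
    """Run the match and return (tag name or None, seconds elapsed)."""
    start = time.perf_counter()
    name = end_tag_name(pattern, text)
    return name, time.perf_counter() - start


def growth_ratio(pattern, small=1000, large=6000):
    """Elapsed time at `large` padding divided by elapsed time at `small`.

    Linear work stays at or below the ratio of the input sizes (6 here);
    quadratic backtracking blows well past it.  Python's `re` offers no
    step budget or timeout, so wall-clock growth is how this bug is observed.
    """
    _, t_small = timed_match(pattern, unterminated_end_tag(small))
    _, t_large = timed_match(pattern, unterminated_end_tag(large))
    return t_large / max(t_small, 1e-9)


if __name__ == "__main__":
    for label, pattern in (("vulnerable", VULNERABLE_END_TAG),
                           ("hardened", HARDENED_END_TAG)):
        print(label, "well-formed tag:", end_tag_name(pattern, "</%def  >"))
        name, secs = timed_match(pattern, unterminated_end_tag(6000))
        print(label, "unterminated tag:", name, f"({secs:.4f}s)")
        print(label, "time growth 1000 -> 6000 spaces:",
              f"{growth_ratio(pattern):.1f}x")
```

The ``.``-based pattern has a second, quieter defect the hardened one does not: on ``</%   def>`` it "succeeds" and returns the leading spaces as part of the tag name, which is the "matching characters surrounded by whitespace" problem the commit message alludes to. Neither pattern is safe to run over attacker-controlled template source in any case; the commit message's point that templates must never contain untrusted input still stands, because a template that parses cleanly executes arbitrary Python.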
Diffstat (limited to 'doc')
-rw-r--r--doc/build/changelog.rst7
-rw-r--r--doc/build/unreleased/367.rst13
2 files changed, 19 insertions, 1 deletions
diff --git a/doc/build/changelog.rst b/doc/build/changelog.rst
index b3f06fd..5ca49de 100644
--- a/doc/build/changelog.rst
+++ b/doc/build/changelog.rst
@@ -22,7 +22,12 @@ Changelog
correctly interpret quoted sections individually. While this parsing issue
still produced the same expected tag structure later on, the mis-handling
of quoted sections was also subject to a regexp crash if a tag had a large
- number of quotes within its quoted sections.
+ number of quotes within its quoted sections. Credit to Sebastian
+ Chnelik for locating the issue.
+
+ As Mako templates inherently render and directly invoke arbitrary Python
+ code from the template source, it is **never** appropriate to create
+ templates that contain untrusted input.
.. changelog::
:version: 1.2.1
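Review bot: the paragraph appended to the :ticket:`366` entry here ("+ As Mako templates inherently render and directly invoke arbitrary Python / + code from the template source, it is **never** appropriate to create / + templates that contain untrusted input.") is the same text added to the new doc/build/unreleased/367.rst in this commit, so once that note is folded into changelog.rst two adjacent entries will repeat it verbatim. Consider stating the warning once in the main documentation and having both entries point to it, so there is a single place to keep it current if the wording ever needs strengthening.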
diff --git a/doc/build/unreleased/367.rst b/doc/build/unreleased/367.rst
new file mode 100644
index 0000000..6798e6e
--- /dev/null
+++ b/doc/build/unreleased/367.rst
@@ -0,0 +1,13 @@
+.. change::
+ :tags: bug, lexer
+ :tickets: 367
+
+ Fixed issue in lexer in the same category as that of :ticket:`366` where
+ the regexp used to match an end tag didn't correctly organize for matching
+ characters surrounded by whitespace, leading to high memory / interpreter
+ hang if a closing tag incorrectly had a large amount of unterminated space
+ in it. Credit to Sebastian Chnelik for locating the issue.
+
+ As Mako templates inherently render and directly invoke arbitrary Python
+ code from the template source, it is **never** appropriate to create
+ templates that contain untrusted input.
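Review bot: the description in the new 367.rst is too vague to map to the code change. "didn't correctly organize for matching characters surrounded by whitespace" does not say what was wrong, while the commit subject does: a ``.`` in the end-tag regexp was replaced with a set that excludes whitespace. Suggest saying that directly and naming the effect, along the lines of "the regexp used to match an end tag used ``.`` where a class excluding whitespace was required, so a closing tag with a large run of unterminated whitespace caused runaway backtracking (high memory / interpreter hang)". Since this diff is limited to doc/, the lexer change itself is not visible here to cross-check the wording against.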