From 66f912c3a0ac65e97b9e6409539bfab4b3cc7447 Mon Sep 17 00:00:00 2001 From: Giuseppe Date: Fri, 26 Apr 2019 09:55:24 +0200 Subject: DeprecationWarning: cgi.escape is deprecated, use html.escape instead. Fixed --- src/saml2/pack.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/saml2/pack.py b/src/saml2/pack.py index b447be31..cad55dfb 100644 --- a/src/saml2/pack.py +++ b/src/saml2/pack.py @@ -8,7 +8,10 @@ Bindings normally consists of three parts: """ import base64 -import cgi +# [DeprecationWarning] Fixed: cgi.escape is deprecated, use html.escape instead +try: import html +except: import cgi as html + import logging import saml2 @@ -87,15 +90,15 @@ def http_form_post_message(message, location, relay_state="", _msg = _msg.decode('ascii') saml_response_input = HTML_INPUT_ELEMENT_SPEC.format( - name=cgi.escape(typ), - val=cgi.escape(_msg), + name=html.escape(typ), + val=html.escape(_msg), type='hidden') relay_state_input = "" if relay_state: relay_state_input = HTML_INPUT_ELEMENT_SPEC.format( name='RelayState', - val=cgi.escape(relay_state), + val=html.escape(relay_state), type='hidden') response = HTML_FORM_SPEC.format( -- cgit v1.2.1 From 80ec58db830d90f97f4bfd584a7023fe2c99ce4b Mon Sep 17 00:00:00 2001 From: Ivan Kanakarakis Date: Tue, 14 May 2019 15:14:19 +0200 Subject: Format import statements Signed-off-by: Ivan Kanakarakis --- src/saml2/pack.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/saml2/pack.py b/src/saml2/pack.py index cad55dfb..fc651645 100644 --- a/src/saml2/pack.py +++ b/src/saml2/pack.py @@ -8,9 +8,10 @@ Bindings normally consists of three parts: """ import base64 -# [DeprecationWarning] Fixed: cgi.escape is deprecated, use html.escape instead -try: import html -except: import cgi as html +try: + import html +except: + import cgi as html import logging -- cgit v1.2.1 From e86a489c353ee3e5e48712f4b85a5e4c4656a0e3 Mon Sep 17 00:00:00 2001 From: Ivan Kanakarakis Date: Tue, 14 May 2019 15:26:20 +0200 Subject: Escape single and double quotes, always Signed-off-by: Ivan Kanakarakis --- src/saml2/pack.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/saml2/pack.py b/src/saml2/pack.py index fc651645..5a2534c2 100644 --- a/src/saml2/pack.py +++ b/src/saml2/pack.py @@ -68,6 +68,10 @@ HTML_FORM_SPEC = """ """ +def _html_escape(payload): + return html.escape(payload, quote=True) + + def http_form_post_message(message, location, relay_state="", typ="SAMLRequest", **kwargs): """The HTTP POST binding defines a mechanism by which SAML protocol @@ -91,15 +95,15 @@ def http_form_post_message(message, location, relay_state="", _msg = _msg.decode('ascii') saml_response_input = HTML_INPUT_ELEMENT_SPEC.format( - name=html.escape(typ), - val=html.escape(_msg), + name=_html_escape(typ), + val=_html_escape(_msg), type='hidden') relay_state_input = "" if relay_state: relay_state_input = HTML_INPUT_ELEMENT_SPEC.format( name='RelayState', - val=html.escape(relay_state), + val=_html_escape(relay_state), type='hidden') response = HTML_FORM_SPEC.format( -- cgit v1.2.1