mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-11-24 20:30:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

gh-135661: Fix parsing unterminated bogus comments in HTMLParser (GH-137873)
Some checks are pending
Tests / Docs (push) Blocked by required conditions
Details
Tests / Windows MSI (push) Blocked by required conditions
Details
Tests / Hypothesis tests on Ubuntu (push) Blocked by required conditions
Details
Tests / Change detection (push) Waiting to run
Details
Tests / Check if Autoconf files are up to date (push) Blocked by required conditions
Details
Tests / Check if generated files are up to date (push) Blocked by required conditions
Details
Tests / (push) Blocked by required conditions
Details
Tests / Ubuntu SSL tests with OpenSSL (push) Blocked by required conditions
Details
Tests / Ubuntu SSL tests with AWS-LC (push) Blocked by required conditions
Details
Tests / Android (aarch64) (push) Blocked by required conditions
Details
Tests / Android (x86_64) (push) Blocked by required conditions
Details
Tests / WASI (push) Blocked by required conditions
Details
Tests / Address sanitizer (push) Blocked by required conditions
Details
Tests / Sanitizers (push) Blocked by required conditions
Details
Tests / Cross build Linux (push) Blocked by required conditions
Details
Tests / CIFuzz (push) Blocked by required conditions
Details
Tests / All required checks pass (push) Blocked by required conditions
Details
Lint / lint (push) Waiting to run
Details
mypy / Run mypy on Lib/_pyrepl (push) Waiting to run
Details
mypy / Run mypy on Lib/test/libregrtest (push) Waiting to run
Details
mypy / Run mypy on Lib/tomllib (push) Waiting to run
Details
mypy / Run mypy on Tools/build (push) Waiting to run
Details
mypy / Run mypy on Tools/cases_generator (push) Waiting to run
Details
mypy / Run mypy on Tools/clinic (push) Waiting to run
Details
mypy / Run mypy on Tools/jit (push) Waiting to run
Details
mypy / Run mypy on Tools/peg_generator (push) Waiting to run
Details

Browse source 
Bogus comments that start with "<![CDATA[" should not include the starting "!"
in its value.
This commit is contained in:
Serhiy Storchaka 2025-08-17 13:37:50 +03:00 committed by GitHub
parent eac37b46d9
commit 7636a66635
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 9 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

22
Lib/html/parser.py
View file

@ -271,11 +271,8 @@ class HTMLParser(_markupbase.ParserBase):
j -= len(suffix)
break
self.handle_comment(rawdata[i+4:j])
elif startswith("<![CDATA[", i):
if self._support_cdata:
self.unknown_decl(rawdata[i+3:])
else:
self.handle_comment(rawdata[i+1:])
elif startswith("<![CDATA[", i) and self._support_cdata:
self.unknown_decl(rawdata[i+3:])
elif rawdata[i:i+9].lower() == '<!doctype':
self.handle_decl(rawdata[i+2:])
elif startswith("<!", i):
@ -350,15 +347,12 @@ class HTMLParser(_markupbase.ParserBase):
if rawdata[i:i+4] == '<!--':
# this case is actually already handled in goahead()
return self.parse_comment(i)
elif rawdata[i:i+9] == '<![CDATA[':
if self._support_cdata:
j = rawdata.find(']]>', i+9)
if j < 0:
return -1
self.unknown_decl(rawdata[i+3: j])
return j + 3
else:
return self.parse_bogus_comment(i)
elif rawdata[i:i+9] == '<![CDATA[' and self._support_cdata:
j = rawdata.find(']]>', i+9)
if j < 0:
return -1
self.unknown_decl(rawdata[i+3: j])
return j + 3
elif rawdata[i:i+9].lower() == '<!doctype':
# find the closing >
gtpos = rawdata.find('>', i+9)

2
Lib/test/test_htmlparser.py
View file

@ -791,7 +791,7 @@ text
self._run_check('<![CDATA[' + content,
[('unknown decl', 'CDATA[' + content)])
self._run_check('<![CDATA[' + content,
[('comment', '![CDATA[' + content)],
[('comment', '[CDATA[' + content)],
collector=EventCollector(autocdata=True))
self._run_check('<svg><text y="100"><![CDATA[' + content,
[('starttag', 'svg', []),