File: test-strip-tags-incomplete-entities.patch

package info (click to toggle)
python-django 3%3A4.2.27-2
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 58,916 kB
  • sloc: python: 334,817; javascript: 18,754; xml: 215; makefile: 178; sh: 27
file content (77 lines) | stat: -rw-r--r-- 3,232 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 
From: Jacob Walls <jacobtylerwalls@gmail.com>
Date: Thu, 11 Dec 2025 08:44:19 -0500
Subject: Refs #36499 -- Adjusted test_strip_tags following Python behavior
 change for incomplete entities.

Origin: backport, https://github.com/django/django/pull/20390
Bug-Debian: https://bugs.debian.org/1122185
Last-Update: 2025-12-17
---
 tests/utils_tests/test_html.py | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index f755b8c..f027940 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -1,3 +1,4 @@
+import math
 import os
 import sys
 from datetime import datetime
@@ -92,7 +93,7 @@ class TestUtilsHtml(SimpleTestCase):
         # old and new results. The check below is temporary until all supported
         # Python versions and CI workers include the fix. See:
         # https://github.com/python/cpython/commit/6eb6c5db
-        min_fixed = {
+        min_fixed_security = {
             (3, 14): (3, 14),
             (3, 13): (3, 13, 6),
             (3, 12): (3, 12, 12),
@@ -100,9 +101,20 @@ class TestUtilsHtml(SimpleTestCase):
             (3, 10): (3, 10, 19),
             (3, 9): (3, 9, 24),
         }
-        py_version = sys.version_info[:2]
-        htmlparser_fixed = (
-            py_version in min_fixed and sys.version_info >= min_fixed[py_version]
+        # Similarly, there was a fix for terminating incomplete entities. See:
+        # https://github.com/python/cpython/commit/95296a9d
+        min_fixed_incomplete_entities = {
+            (3, 14): (3, 14, 1),
+            (3, 13): (3, 13, 10),
+            (3, 12): (3, 12, math.inf),  # not fixed in 3.12.
+        }
+        major_version = sys.version_info[:2]
+        htmlparser_fixed_security = sys.version_info >= min_fixed_security.get(
+            major_version, major_version
+        )
+        htmlparser_fixed_incomplete_entities = (
+            sys.version_info
+            >= min_fixed_incomplete_entities.get(major_version, major_version)
         )
         items = (
             (
@@ -130,16 +142,19 @@ class TestUtilsHtml(SimpleTestCase):
             # https://bugs.python.org/issue20288
             ("&gotcha&#;<>", "&gotcha&#;<>"),
             ("<sc<!-- -->ript>test<<!-- -->/script>", "ript>test"),
-            ("<script>alert()</script>&h", "alert()h"),
+            (
+                "<script>alert()</script>&h",
+                "alert()&h;" if htmlparser_fixed_incomplete_entities else "alert()h",
+            ),
             (
                 "><!" + ("&" * 16000) + "D",
-                ">" if htmlparser_fixed else "><!" + ("&" * 16000) + "D",
+                ">" if htmlparser_fixed_security else "><!" + ("&" * 16000) + "D",
             ),
             ("X<<<<br>br>br>br>X", "XX"),
             ("<" * 50 + "a>" * 50, ""),
             (
                 ">" + "<a" * 500 + "a",
-                ">" if htmlparser_fixed else ">" + "<a" * 500 + "a",
+                ">" if htmlparser_fixed_security else ">" + "<a" * 500 + "a",
             ),
             ("<a" * 49 + "a" * 951, "<a" * 49 + "a" * 951),
             ("<" + "a" * 1_002, "<" + "a" * 1_002),