ZOPE2.13.23: escaped HTML tags in NotFound Error Page

Bug #1515122 reported by Mathias Ziehmayer
This bug affects 1 person
Affects: Zope 2
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Hi,

On a vanilla ZOPE 2.13.23 install the NotFound (404) Error Page contains escaped HTML tags and is not properly displayed by the browser. Also, the traceback includes a copy of the HTML error message (again with escaped tags).

The patch below fixes the *symptoms* for NotFound. It is however likely that other Exceptions (e.g. all that have their error messages generated by ZPublisher.HTTPResponse._error_html()) have the same problem.

Thank you && best regards,
Mathias

excp_hook_fmt.patch

--- eggs/Zope2-2.13.23-py2.7.egg/OFS/SimpleItem.py.ori 2015-11-10 10:22:53.163437323 +0100
+++ eggs/Zope2-2.13.23-py2.7.egg/OFS/SimpleItem.py 2015-11-10 10:52:33.852662569 +0100
@@ -46,6 +46,7 @@
 from Persistence import Persistent
 from webdav.Resource import Resource
 from webdav.xmltools import escape as xml_escape
+from zExceptions import NotFound
 from zExceptions import Redirect
 from zExceptions.ExceptionFormatter import format_exception
 from zope.interface import implements
@@ -62,6 +63,9 @@
 import logging
 logger = logging.getLogger()

+# special case formatting for well known pre-formatted (HTML) exceptions
+PREFORMATTED_EXCEPTIONS = [NotFound]
+
 class Item(Base,
            Resource,
            CopySource,
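
Review bot: PREFORMATTED_EXCEPTIONS is a mutable module-level list, and its comment does not say what makes an exception "pre-formatted" or who guarantees that its message is safe HTML. Make it a tuple, and state in the comment that every class listed here has its message emitted without xml_escape, so that adding a class is treated as a security decision.
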
@@ -235,6 +239,9 @@
                           'error_traceback': error_tb,
                           'error_message': xml_escape(str(error_message)),
                           'error_log_url': error_log_url}
+ # error message: do not escape if already formatted as HTML
+ if error_type in PREFORMATTED_EXCEPTIONS:
+ kwargs['error_message'] = str(error_message)

                 if getattr(aq_base(s), 'isDocTemp', 0):
                     v = s(client, REQUEST, **kwargs)
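
Review bot: The added `if error_type in PREFORMATTED_EXCEPTIONS` branch drops xml_escape for every NotFound, keyed on the exception class rather than on whether this particular message is HTML. Any NotFound raised with a plain-text message, in particular one built from the requested path or other request data, would then reach the error page unescaped. Keep escaping as the default and mark trusted markup explicitly where it is generated (the description names ZPublisher.HTTPResponse._error_html()). The `in` test also matches only the exact class, so subclasses of NotFound would still be escaped and render differently.
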
@@ -427,6 +434,9 @@

 def pretty_tb(t, v, tb, as_html=1):
+ # do dot include message itself in traceback of pre-formatted exceptions
+ if t in PREFORMATTED_EXCEPTIONS:
+ v = ''
     tb = format_exception(t, v, tb, as_html=as_html)
     tb = '\n'.join(tb)
     return tb
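
Review bot: In pretty_tb the new branch sets `v = ''` regardless of `as_html`, so plain-text tracebacks lose the NotFound message as well; restrict it to the `as_html` case. The comment has a typo ("do dot include" should read "do not include"), and `t in PREFORMATTED_EXCEPTIONS` matches only the exact class, not subclasses.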

Colin Watson (cjwatson) wrote :

The zope2 project on Launchpad has been archived at the request of the Zope developers (see https://answers.launchpad.net/launchpad/+question/683589 and https://answers.launchpad.net/launchpad/+question/685285). If this bug is still relevant, please refile it at https://github.com/zopefoundation/zope2.

Changed in zope2:
status: New → Invalid