lxml

etree.htmlfile doesn't escape attribute values

Bug #1594155 reported by Burak Arslan on 2016-06-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	lxml	Fix Released	Undecided	Unassigned

Bug Description

>>> from lxml import etree
>>> etree.LXML_VERSION
(3, 6, 0, 0)
>>>
>>> from lxml import html
>>> from lxml.etree import htmlfile
>>> from lxml.html.builder import E
>>> from StringIO import StringIO
>>> out = StringIO()
>>> with htmlfile(out) as f:
... with f.element("tagname", attrib={"attr": '"misquoted"'}):
... f.write("foo")
...
>>> out.getvalue()
'<tagname attr=""misquoted"">foo</tagname>'
>>> import sys
>>> from lxml import etree
>>>
Python : sys.version_info(major=2, minor=7, micro=11, releaselevel='final', serial=0)
lxml.etree : (3, 6, 0, 0)
libxml used : (2, 9, 3)
libxml compiled : (2, 9, 3)
libxslt used : (1, 1, 28)
libxslt compiled : (1, 1, 28)

Revision history for this message

Burak Arslan (robots-0) wrote on 2016-06-19:

Expected output:

'<tagname attr=""misquoted"">foo</tagname>'

Burak Arslan (robots-0) on 2016-06-20

summary:

- etree.htmlfile misquotes attributes
+ etree.htmlfile doesn't escape attribute values

Revision history for this message

scoder (scoder) wrote on 2019-08-11:

FIxed in lxml 3.7.2.

Changed in lxml:
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.