quetz-mod_python-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brendan O'Connor" <brend...@stanford.edu>
Subject PSP escaping bug, and proposed fix
Date Tue, 20 Jul 2004 14:38:43 GMT
Hello mod_python developers,

There's a bug with PSP processing of html.  Anything in html or javascript
that might be a special character for a python string gets interpreted
when outputted. [I think this was alluded to in the list archives but I
can no longer find the message.]  Here's an example from 3.1.3:

$ cat test.psp
<script>  var s = "firstline \nsecond line"; </script>

$ python -c "import _psp; print _psp.parse('test.psp')"
req.write("""<script>  var s = \"firstline \nsecond line\"; </script>
""",0)

This is unfortunate, because the \n gets interpreted as a python string
escape, destroying the javascript statement.  PSP is fooling around with
characters outside <% %> tags.

so I'm a complete newcomer to the mod_python code, but it looks like
psp_parser.l could be patched to use python's raw string feature, so the
previous output would look like

req.write(r"""<script>  var s = "firstline \nsecond line"; </script>
""",0)

Absolutely nothing is interpreted as escapes by python, so the \n would
live on into the output page.  The only special character that would need
to be escaped by psp_parser.l is the triple quote """ .

Unfortunately, I'm not terribly familiar with flex, and I don't have the
special version needed to build mod_python and so haven't tested this --
but here's my attempt to solve the problem.

comments?  Thanks to all the developers for mod_python!
Thanks, Brendan

PATCH:
--- psp_parser.orig.l   2004-07-20 06:38:39.000000000 -0700
+++ psp_parser.l        2004-07-20 07:30:33.000000000 -0700
@@ -47,14 +47,14 @@
 %%

 \r\n|\n {
-    psp_string_appendl(&PSP_PG(pycode), STATIC_STR("req.write(\"\"\""));
+    psp_string_appendl(&PSP_PG(pycode), STATIC_STR("req.write(r\"\"\""));

     yyless(0);
     BEGIN TEXT;
 }

 . {
-    psp_string_appendl(&PSP_PG(pycode), STATIC_STR("req.write(\"\"\""));
+    psp_string_appendl(&PSP_PG(pycode), STATIC_STR("req.write(r\"\"\""));

     yyless(0);
     BEGIN TEXT;
@@ -87,11 +87,16 @@
 }

 <TEXT>. {
-    if (yytext[0] == '"') {
-        psp_string_appendl(&PSP_PG(pycode), STATIC_STR("\\\""));
-    } else {
-        psp_string_appendc(&PSP_PG(pycode), yytext[0]);
-    }
+    /*   " no longer needs to be escaped */
+    psp_string_appendc(&PSP_PG(pycode), yytext[0]);
+}
+
+<TEXT>"\"\"\"" {
+    /* close python triplequoted string, put in a triple quote enclosed
+     * itself by single quotes, then restart the python triplequoted
+     * string. */
+    psp_string_appendc(&PSP_PG(pycode), "\"\"\" +'\"\"\"'+ r\"\"\"");
+
 }

 <TEXT><<EOF>> {
@@ -117,7 +122,7 @@
 <PYCODE>"%>" {

     if (PSP_PG(is_psp_echo)) {
-        psp_string_appendl(&PSP_PG(pycode), STATIC_STR("),0);
req.write(\"\"\""));
+        psp_string_appendl(&PSP_PG(pycode), STATIC_STR("),0);
req.write(r\"\"\""));
         PSP_PG(is_psp_echo) = 0;
     }
     else {
@@ -133,7 +138,7 @@
             PSP_PG(after_colon) = 0;
         }
         OUTPUT_WHITESPACE(&PSP_PG(whitespace));
-        psp_string_appendl(&PSP_PG(pycode),
STATIC_STR("req.write(\"\"\""));
+        psp_string_appendl(&PSP_PG(pycode),
STATIC_STR("req.write(r\"\"\""));
     }

     BEGIN TEXT;



Mime
View raw message