[Python-modules-team] Bug#983342: python3-simpletal: cgi.escape removed in python3.8
Olivier Aubert
contact at olivieraubert.net
Mon Feb 22 16:42:20 GMT 2021
Package: python3-simpletal
Version: 5.2-1.1
Severity: important
Tags: patch upstream
X-Debbugs-Cc: contact at olivieraubert.net
Dear Maintainer,
the cgi.escape method (which is used in simpleTALUtils) has been marked as
deprecated since python 3.2, and removed in python3.8. To make it work
with current python versions, cgi.escape should be replaced by html.escape
Here is a patch for fixing this issue. I also have reported it upstream.
Best regards, and thanks for you work
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.9.0-5-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages python3-simpletal depends on:
ii python3 3.9.1-1
python3-simpletal recommends no packages.
python3-simpletal suggests no packages.
-- no debconf information
-------------- next part --------------
diff --git a/lib/simpletal/simpleTALUtils.py b/lib/simpletal/simpleTALUtils.py
index ee78690..860d74f 100644
--- a/lib/simpletal/simpleTALUtils.py
+++ b/lib/simpletal/simpleTALUtils.py
@@ -34,7 +34,7 @@
Module Dependencies: None
"""
-import io, os, stat, threading, sys, codecs, cgi, re, types, logging
+import io, os, stat, threading, sys, codecs, html, re, types, logging
from . import __version__, simpleTAL
# This is used to check for already escaped attributes.
@@ -114,7 +114,7 @@ def tagAsText (tag,atts):
# We already have some escaped characters in here, so assume it's all valid
result += ' %s="%s"' % (name, value)
else:
- result += ' %s="%s"' % (name, cgi.escape (value))
+ result += ' %s="%s"' % (name, html.escape (value))
result += ">"
return result
@@ -195,11 +195,11 @@ def cmdEndTagEndScope (self, command, args):
self.file.write (str (str (resultVal), 'ascii'))
else:
if (isinstance (resultVal, str)):
- self.file.write (cgi.escape (resultVal))
+ self.file.write (html.escape (resultVal))
elif (isinstance (resultVal, bytes)):
- self.file.write (cgi.escape (str (resultVal, 'ascii')))
+ self.file.write (html.escape (str (resultVal, 'ascii')))
else:
- self.file.write (cgi.escape (str (str (resultVal), 'ascii')))
+ self.file.write (html.escape (str (str (resultVal), 'ascii')))
if (self.outputTag and not args[1]):
self.file.write ('</' + args[0] + '>')
More information about the Python-modules-team
mailing list