[Python-modules-team] Bug#983342: python3-simpletal: cgi.escape removed in python3.8

Olivier Aubert contact at olivieraubert.net
Mon Feb 22 16:42:20 GMT 2021 

Package: python3-simpletal
Version: 5.2-1.1
Severity: important
Tags: patch upstream
X-Debbugs-Cc: contact at olivieraubert.net

Dear Maintainer,

the cgi.escape method (which is used in simpleTALUtils) has been marked as
deprecated since python 3.2, and removed in python3.8. To make it work
with current python versions, cgi.escape should be replaced by html.escape

Here is a patch for fixing this issue. I also have reported it upstream.

Best regards, and thanks for you work

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-5-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-simpletal depends on:
ii  python3  3.9.1-1

python3-simpletal recommends no packages.

python3-simpletal suggests no packages.

-- no debconf information
-------------- next part --------------
diff --git a/lib/simpletal/simpleTALUtils.py b/lib/simpletal/simpleTALUtils.py
index ee78690..860d74f 100644
--- a/lib/simpletal/simpleTALUtils.py
+++ b/lib/simpletal/simpleTALUtils.py
@@ -34,7 +34,7 @@
 		Module Dependencies: None
 """
 
-import io, os, stat, threading, sys, codecs, cgi, re, types, logging
+import io, os, stat, threading, sys, codecs, html, re, types, logging
 from . import __version__, simpleTAL
 
 # This is used to check for already escaped attributes.
@@ -114,7 +114,7 @@ def tagAsText (tag,atts):
 			# We already have some escaped characters in here, so assume it's all valid
 			result += ' %s="%s"' % (name, value)
 		else:
-			result += ' %s="%s"' % (name, cgi.escape (value))
+			result += ' %s="%s"' % (name, html.escape (value))
 	result += ">"
 	return result
 
@@ -195,11 +195,11 @@ def cmdEndTagEndScope (self, command, args):
 						self.file.write (str (str (resultVal), 'ascii'))
 			else:
 				if (isinstance (resultVal, str)):
-					self.file.write (cgi.escape (resultVal))
+					self.file.write (html.escape (resultVal))
 				elif (isinstance (resultVal, bytes)):
-					self.file.write (cgi.escape (str (resultVal, 'ascii')))
+					self.file.write (html.escape (str (resultVal, 'ascii')))
 				else:
-					self.file.write (cgi.escape (str (str (resultVal), 'ascii')))
+					self.file.write (html.escape (str (str (resultVal), 'ascii')))
 					
 		if (self.outputTag and not args[1]):
 			self.file.write ('</' + args[0] + '>')

More information about the Python-modules-team mailing list