Kyle Keating <[email protected]> added the comment:
This looks to break pretty good... I did confirm this on 3.0, I'm guessing 3.2
is the same.
import sys
import xml.dom
doc = xml.dom.getDOMImplementation().createDocument(None, 'xml', None)
doc.firstChild.appendChild(doc.createElement('element00'))
element01 = doc.createElement('element01')
element01.setAttribute('attribute',
"script><![CDATA[alert('script!');]]></script>")
doc.firstChild.appendChild(element01)
element02 = doc.createElement("script><![CDATA[alert('script!');]]></script>")
doc.firstChild.appendChild(element02)
element03 = doc.createElement("new line \n")
element03.setAttribute('attribute-name','new line \n')
doc.firstChild.appendChild(element03)
print doc.toprettyxml(indent=" ")
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
output:
<?xml version="1.0" ?>
<xml>
<element/>
<element01 attribute="script><![CDATA[alert('script!');]]></script
>"/>
<script><![CDATA[alert('script!');]]></script>/>
<new line
attribute-name="new line
"/>
</xml>
----------
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue12129>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
