#20288: merge with 3.3.

2014-02-01 21:22:26 +02:00 · 2014-02-01 21:22:26 +02:00 · 153d97b24e
parent 145dff8567 f27b9a741a
commit 153d97b24e
3 changed files with 11 additions and 3 deletions
--- a/Lib/html/parser.py
+++ b/Lib/html/parser.py
@ -264,9 +264,9 @@ class HTMLParser(_markupbase.ParserBase):
                    i = self.updatepos(i, k)
                    continue
                else:
-                    if ";" in rawdata[i:]: #bail by consuming &#
-                        self.handle_data(rawdata[0:2])
-                        i = self.updatepos(i, 2)
+                    if ";" in rawdata[i:]:  # bail by consuming &#
+                        self.handle_data(rawdata[i:i+2])
+                        i = self.updatepos(i, i+2)
                    break
            elif startswith('&', i):
                match = entityref.match(rawdata, i)
--- a/Lib/test/test_htmlparser.py
+++ b/Lib/test/test_htmlparser.py
@ -167,6 +167,12 @@ text
            ("data", "&#bad;"),
            ("endtag", "p"),
        ])
+        # add the [] as a workaround to avoid buffering (see #20288)
+        self._run_check(["<div>&#bad;</div>"], [
+            ("starttag", "div", []),
+            ("data", "&#bad;"),
+            ("endtag", "div"),
+        ])

    def test_unclosed_entityref(self):
        self._run_check("&entityref foo", [
--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -41,6 +41,8 @@ Library
  ValueError instead of assert for forbidden subprocess_{shell,exec}
  arguments.  (More to follow -- a convenience API for subprocesses.)

+- Issue #20288: fix handling of invalid numeric charrefs in HTMLParser.
+
 - Issue #20424: Python implementation of io.StringIO now supports lone surrogates.

 - Issue #20308: inspect.signature now works on classes without user-defined