|
10 | 10 |
|
11 | 11 | spaceCharacters="".join(spaceCharacters) |
12 | 12 |
|
13 | | -quoteAttributeSpec=re.compile("["+spaceCharacters+"\"'=<>`]") |
14 | | -quoteAttributeLegacy=re.compile("[\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\n" |
| 13 | +quoteAttributeSpecChars=spaceCharacters+"\"'=<>`" |
| 14 | +quoteAttributeSpec=re.compile("["+quoteAttributeSpecChars+"]") |
| 15 | +quoteAttributeLegacy=re.compile("["+quoteAttributeSpecChars+ |
| 16 | +"\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\n" |
15 | 17 | "\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15" |
16 | 18 | "\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" |
17 | 19 | "\x20\x2f\x60\xa0\u1680\u180e\u180f\u2000" |
@@ -79,7 +81,7 @@ def htmlentityreplace_errors(exc): |
79 | 81 | classHTMLSerializer(object): |
80 | 82 |
|
81 | 83 | # attribute quoting options |
82 | | -quote_attr_values="legacy" |
| 84 | +quote_attr_values="legacy"# be secure by default |
83 | 85 | quote_char='"' |
84 | 86 | use_best_quote_char=True |
85 | 87 |
|
@@ -115,9 +117,9 @@ def __init__(self, **kwargs): |
115 | 117 | inject_meta_charset=True|False |
116 | 118 | Whether it insert a meta element to define the character set of the |
117 | 119 | document. |
118 | | - quote_attr_values="legacy"|"spec"|True |
| 120 | + quote_attr_values="legacy"|"spec"|"always" |
119 | 121 | Whether to quote attribute values that don't require quoting |
120 | | - per legacy browser behaviour,HTML authoring rules, or always. |
| 122 | + per legacy browser behaviour,when required by the standard, or always. |
121 | 123 | quote_char=u'"'|u"'" |
122 | 124 | Use given quote character for attribute quoting. Default is to |
123 | 125 | use double quote unless attribute value contains a double quote, |
@@ -246,10 +248,15 @@ def serialize(self, treewalker, encoding=None): |
246 | 248 | (knotinbooleanAttributes.get(name,tuple())and |
247 | 249 | knotinbooleanAttributes.get("",tuple())): |
248 | 250 | yieldself.encodeStrict("=") |
249 | | -ifself.quote_attr_valuesorlen(v)==0: |
| 251 | +ifself.quote_attr_values=="always"orlen(v)==0: |
250 | 252 | quote_attr=True |
251 | | -elif : |
252 | | -quoteAttributeSpec.search(v) |
| 253 | +elifself.quote_attr_values=="spec": |
| 254 | +quote_attr=quoteAttributeSpec.search(v)isnotNone |
| 255 | +elifself.quote_attr_values=="legacy": |
| 256 | +quote_attr=quoteAttributeLegacy.search(v)isnotNone |
| 257 | +else: |
| 258 | +raiseValueError("quote_attr_values must be one of: " |
| 259 | +"'always', 'spec', or 'legacy'") |
253 | 260 | v=v.replace("&","&") |
254 | 261 | ifself.escape_lt_in_attrs: |
255 | 262 | v=v.replace("<","<") |
|