cmlenz  committed dbb2d02

Ported [2969] to 0.9-stable (fixing #2777).

  • Parent commits 557306b
  • Branches 0.9-stable

Files changed (2)

File trac/tests/util.py

         markup = Markup('<a href="#">fo<br>o</a>')
         self.assertEquals('<a href="#">fo<br />o</a>', markup.sanitize())
 
+    def test_sanitize_invalid_entity(self):
+        markup = Markup('&junk;')
+        self.assertEquals('&amp;junk;', markup.sanitize())
+
     def test_sanitize_remove_script_elem(self):
         markup = Markup('<script>alert("Foo")</script>')
         self.assertEquals('', markup.sanitize())
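
Review bot: the new test_sanitize_invalid_entity covers only the unknown-name path, while the same commit also adds 'apos' to the pass-through tuple in handle_entityref, and nothing here exercises that. Add a companion test asserting that Markup('&apos;').sanitize() returns '&apos;', so both behaviour changes in trac/util.py are pinned down. A case that mixes a known and an unknown entity in one string (for example '&lt;&junk;') would also confirm that the fallback does not disturb the entities that are passed through unchanged.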

File trac/util.py

 
             def handle_entityref(self, name):
                 if not self.waiting_for:
-                    if name not in ('amp', 'lt', 'gt', 'quot'):
-                        codepoint = htmlentitydefs.name2codepoint[name]
-                        buf.write(unichr(codepoint).encode('utf-8'))
+                    if name not in ('amp', 'apos', 'lt', 'gt', 'quot'):
+                        try:
+                            codepoint = htmlentitydefs.name2codepoint[name]
+                            buf.write(unichr(codepoint).encode('utf-8'))
+                        except KeyError:
+                            buf.write('&amp;%s;' % name)
                     else:
                         buf.write('&%s;' % name)
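
Review bot: the try block in handle_entityref wraps both the name2codepoint lookup and the buf.write(unichr(codepoint).encode('utf-8')) call, although only the lookup is expected to raise KeyError. Keep just the lookup inside the try and move the write into an else clause, so that a KeyError raised anywhere else is not silently turned into escaped output. The except branch would also benefit from a one-line comment saying that unknown entity names are emitted with the ampersand escaped as '&amp;%s;' rather than dropped or passed through, since that is the sanitizer's policy decision here. Separately, adding 'apos' to the pass-through tuple is a second behaviour change next to the KeyError fix; a short comment on why it belongs with 'amp', 'lt', 'gt' and 'quot' would help later readers.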