gentoo-overlay/dev-python/dugong/files/dugong-3.7-test-html-escape.patch

# HG changeset patch
# User Zac Medico <zmedico@gentoo.org>
# Date 1494468556 25200
# Branch test-quote-html
# Node ID b8a28438442ec12cd4067fd3240d9afc8e6998da
# Parent  a986296769f3fc4daa0f29fe28b857f43d05634d
Use html.escape for python3.6 compat

https://bitbucket.org/nikratio/python-dugong/pull-requests/3

diff --git a/test/test_dugong.py b/test/test_dugong.py
--- a/test/test_dugong.py
+++ b/test/test_dugong.py
@@ -24,7 +24,7 @@
 from dugong import (HTTPConnection, BodyFollowing, CaseInsensitiveDict, _join,
                     ConnectionClosed)
 import dugong
-from http.server import BaseHTTPRequestHandler, _quote_html
+from http.server import BaseHTTPRequestHandler
 from io import TextIOWrapper
 from base64 import b64encode
 import http.client
@@ -34,6 +34,7 @@
 import ssl
 import re
 import os
+import html
 import hashlib
 import threading
 import socketserver
@@ -1163,9 +1164,12 @@
             message = shortmsg
         explain = longmsg
         self.log_error("code %d, message %s", code, message)
-        # using _quote_html to prevent Cross Site Scripting attacks (see bug #1100201)
-        content = (self.error_message_format % {'code': code, 'message': _quote_html(message),
-                                               'explain': explain}).encode('utf-8', 'replace')
+        # HTML encode to prevent Cross Site Scripting attacks (see bug #1100201)
+        content = (self.error_message_format % {
+            'code': code,
+            'message': html.escape(message, quote=False),
+            'explain': explain
+        }).encode('utf-8', 'replace')
         self.send_response(code, message)
         self.send_header("Content-Type", self.error_content_type)
         self.send_header("Content-Length", str(len(content)))