This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author johnburnett
Recipients eli.bendersky, johnburnett, scoder
Date 2018-04-18.00:33:11
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1524011592.66.0.682650639539.issue33303@psf.upfronthosting.co.za>
In-reply-to
Content 
The _serialize_xml function in ElementTree.py doesn't escape Comment.text values when writing output.  This means the following code:

    import sys
    import xml.etree.ElementTree
    elem = xml.etree.ElementTree.Comment()
    elem.text = 'hi --> bye'
    tree = xml.etree.ElementTree.ElementTree(elem)
    tree.write(sys.stdout)

...will output the following invalid xml:

    <!--hi --> bye-->

In Python 3.7, changing the _serialize_xml function on line 903/904 from this:

    if tag is Comment:
        write("<!--%s-->" % text)

...to this:

    if tag is Comment:
        write("<!--%s-->" % _escape_cdata(text))

...writes something more expected:

    <!--hi --&gt; bye-->
History
Date User Action Args
2018-04-18 00:33:12johnburnettsetrecipients: + johnburnett, scoder, eli.bendersky
2018-04-18 00:33:12johnburnettsetmessageid: <1524011592.66.0.682650639539.issue33303@psf.upfronthosting.co.za>
2018-04-18 00:33:12johnburnettlinkissue33303 messages
2018-04-18 00:33:11johnburnettcreate