Skip to content

gh-118350: Fix support of elements "textarea" and "title" in HTMLParser #135310

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jul 22, 2025
Merged

gh-118350: Fix support of elements "textarea" and "title" in HTMLParser #135310

merged 9 commits into from
Jul 22, 2025

Conversation

timonviola
Copy link
Contributor

@timonviola timonviola commented Jun 9, 2025
edited by serhiy-storchaka
Loading

This is a PR where comments and tests are implemented based on feedback from the draft PR: #121770

@timonviola timonviola requested a review from ezio-melotti as a code owner June 9, 2025 18:42
@bedevere-app bedevere-app bot mentioned this pull request Jun 9, 2025
Open
@timonviola timonviola mentioned this pull request Jun 9, 2025
Closed
@serhiy-storchaka serhiy-storchaka self-requested a review June 9, 2025 20:07
@serhiy-storchaka
Copy link
Member

There are more fundamental issues in HTMLParser (see #135661). I'll review this PR after fixing them.

@serhiy-storchaka serhiy-storchaka self-assigned this Jun 25, 2025
@serhiy-storchaka
Copy link
Member

There were more fundamental issues in HTMLParser (see #135661). Now many of them are fixed, and the rest should not conflict with this PR. Please update the PR. Tests for style and script were rewritten, so please make tests for title and textarea similar to them.

@serhiy-storchaka
Copy link
Member

There were some errors in the implementations -- it was not able to find the closing tag and did not work with convert_charrefs=True. I fixed this and refactored the code and the tests.

This issue is now classified as a security issue, like many other HTMLParser issues.

@serhiy-storchaka serhiy-storchaka added type-security A security issue needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes labels Jul 14, 2025
@serhiy-storchaka serhiy-storchaka changed the title gh-118350: Add escapable-raw-text to CDATA mode gh-118350: Fix support of elements "textarea" and "title" in HTMLParser Jul 14, 2025
@serhiy-storchaka serhiy-storchaka mentioned this pull request Jul 22, 2025
Open
@ambv ambv merged commit 4d02f31 into python:main Jul 22, 2025
41 checks passed
@miss-islington-app
Copy link

Thanks @timonviola for the PR, and @ambv for merging it 🌮🎉.. I'm working now to backport this PR to: 3.9, 3.10, 3.11, 3.12, 3.13, 3.14.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jul 22, 2025
@timonviola @serhiy-storchaka
@ambv @miss-islington
pythongh-118350: Fix support of elements "textarea" and "title" in HT…
4bb60b5 
…MLParser (pythonGH-135310)

(cherry picked from commit 4d02f31)

Co-authored-by: Timon Viola <44016238+timonviola@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jul 22, 2025
@timonviola @serhiy-storchaka
@ambv @miss-islington
pythongh-118350: Fix support of elements "textarea" and "title" in HT…
416a38c 
…MLParser (pythonGH-135310)

(cherry picked from commit 4d02f31)

Co-authored-by: Timon Viola <44016238+timonviola@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
@bedevere-app
Copy link

bedevere-app bot commented Jul 22, 2025

GH-136984 is a backport of this pull request to the 3.14 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.14 bugs and security fixes label Jul 22, 2025
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jul 22, 2025
@timonviola @serhiy-storchaka
@ambv @miss-islington
pythongh-118350: Fix support of elements "textarea" and "title" in HT…
408f770 
…MLParser (pythonGH-135310)

(cherry picked from commit 4d02f31)

Co-authored-by: Timon Viola <44016238+timonviola@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
@bedevere-app
Copy link

bedevere-app bot commented Jul 22, 2025

GH-136985 is a backport of this pull request to the 3.13 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.13 bugs and security fixes label Jul 22, 2025
@miss-islington-app
Copy link

Sorry, @timonviola and @ambv, I could not cleanly backport this to 3.11 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 4d02f31cdd45d81b95540d9076222b709d4f2335 3.11

@bedevere-app
Copy link

bedevere-app bot commented Jul 22, 2025

GH-136986 is a backport of this pull request to the 3.12 branch.

@miss-islington-app
Copy link

Sorry, @timonviola and @ambv, I could not cleanly backport this to 3.10 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 4d02f31cdd45d81b95540d9076222b709d4f2335 3.10

@bedevere-app bedevere-app bot removed the needs backport to 3.12 only security fixes label Jul 22, 2025
@miss-islington-app
Copy link

Sorry, @timonviola and @ambv, I could not cleanly backport this to 3.9 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 4d02f31cdd45d81b95540d9076222b709d4f2335 3.9

ambv added a commit that referenced this pull request Jul 22, 2025
@miss-islington @timonviola
@serhiy-storchaka @ambv
[3.14] gh-118350: Fix support of elements "textarea" and "title" in H…
daa2fd7 
…TMLParser (GH-135310) (GH-136984)

(cherry picked from commit 4d02f31)

Co-authored-by: Timon Viola <44016238+timonviola@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
ambv added a commit that referenced this pull request Jul 22, 2025
@miss-islington @timonviola
@serhiy-storchaka @ambv
[3.13] gh-118350: Fix support of elements "textarea" and "title" in H…
8de88e0 
…TMLParser (GH-135310) (GH-136985)

(cherry picked from commit 4d02f31)

Co-authored-by: Timon Viola <44016238+timonviola@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
ambv added a commit that referenced this pull request Jul 22, 2025
@miss-islington @timonviola
@serhiy-storchaka @ambv
[3.12] gh-118350: Fix support of elements "textarea" and "title" in H…
f66c75f 
…TMLParser (GH-135310) (GH-136986)

(cherry picked from commit 4d02f31)

Co-authored-by: Timon Viola <44016238+timonviola@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ezio-melotti ezio-melotti Awaiting requested review from ezio-melotti ezio-melotti is a code owner

@serhiy-storchaka serhiy-storchaka Awaiting requested review from serhiy-storchaka

Assignees

@ambv ambv

Labels
needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes type-security A security issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@timonviola @serhiy-storchaka @ambv
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy