René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"The preview of the new Python 3 port has broken HTML escaping in the XML feeds","articleBody":"I am using:  \r\n**O.S**:  Fedora 40\r\n**Browser**:  Firefox 131.0.2\r\n**Platform**: desktop\r\n\r\n## Problem\r\nThe preview of the new Python 3 port has broken HTML escaping in the XML feeds\r\n\r\neg try to view this in the browser:\r\n\r\n  https://planetpython.org/3/rss10.xml\r\n\r\nand it will complain about undefined entities, due to having raw unescaped HTML in the XML document\r\n\r\nBy comparison the original Python 2 code escaped HTML in the feed\r\n\r\n```\r\n$ wget https://planetpython.org/rss10.xml\r\n$ grep \"content:encoded\" rss10.xml | head -1\r\n\t\u003ccontent:encoded\u003e\u0026lt;p\u0026gt;As is probably apparent from the sequence of blog posts about the topic in the\r\n$ wget https://planetpython.org/3/rss10.xml\r\n$ grep \"content:encoded\" rss10.xml.1 | head -1\r\n\t\u003ccontent:encoded\u003e\u003cp\u003eAs is probably apparent from the sequence of blog posts about the topic in the\r\n```\r\n\r\n## Details\r\n![Screenshot from 2024-10-24 14-08-18](https://github.com/user-attachments/assets/a4ac1a59-629f-4bf1-a38a-8cec413f10df)\r\n\r\nThis problem is caused by a mistake in the python 3 conversion done in #577, specially in commit https://github.com/python/planet/pull/577/commits/86e31f90403c4659471396beeba922584e08d12e replaced code patterns like:\r\n\r\n```\r\nfeed[key] = sanitize.HTML(feed[key])\r\n```\r\n\r\nwith\r\n\r\n```\r\nfeed[key] = Markup(feed[key])\r\n```\r\n\r\nwhich is not providing functionally equivalent behaviour.\r\n\r\nThe `sanitize.HTML` method would parse the HTML and strip out various undesirable elements and attributes, and escaping was later performed by the template processor.\r\n\r\nThe `Markup` method will not parse anything, it'll just wrap the `str` in a `Markup` class, as a way to designate it as being safe to use as-is without further escaping. As a result when you later try to escape the variable in jinga using `... | e`, it will do nothing at all, resulting in raw HTML being put into the XML document, leading to the later parsing errors.\r\n\r\nI think either the original sanitizer code needs to be re-instated and made to work with py3, or perhaps an external library such as https://github.com/matthiask/html-sanitizer/ could be leveraged  ?","author":{"url":"https://github.com/berrange","@type":"Person","name":"berrange"},"datePublished":"2024-10-24T13:28:20.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":3},"url":"https://github.com/582/planet/issues/582"}