D1136: templatefilters: defend against evil unicode strs in json filter
durin42 (Augie Fackler)
phabricator at mercurial-scm.org
Tue Oct 17 02:56:18 UTC 2017
durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
REVISION SUMMARY
We only want to do I/O in terms of bytes, so lets explode early
instead of recursing forever.
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D1136
AFFECTED FILES
mercurial/templatefilters.py
CHANGE DETAILS
diff --git a/mercurial/templatefilters.py b/mercurial/templatefilters.py
--- a/mercurial/templatefilters.py
+++ b/mercurial/templatefilters.py
@@ -233,6 +233,13 @@
return pycompat.bytestr(obj)
elif isinstance(obj, bytes):
return '"%s"' % encoding.jsonescape(obj, paranoid=paranoid)
+ elif isinstance(obj, str):
+ # This branch is unreachable on Python 2, because bytes == str
+ # and we'll return in the next-earlier block in the elif
+ # ladder. On Python 3, this helps us catch bugs before they
+ # hurt someone.
+ raise TypeError(
+ r'Mercurial only does output with bytes on Python 3: %r' % obj)
elif util.safehasattr(obj, 'keys'):
out = ['"%s": %s' % (encoding.jsonescape(k, paranoid=paranoid),
json(v, paranoid))
To: durin42, #hg-reviewers
Cc: mercurial-devel
More information about the Mercurial-devel
mailing list