Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

https-everywhere's merge-rulesets.py fails if org name includes double quotes #92

Open
zenmonkeykstop opened this issue Apr 22, 2022 · 2 comments

Comments

@zenmonkeykstop
Copy link
Contributor

If the organization name for an instance includes double quotes, they will be included without escaping in the reuleset XML, breaking HTTPSE's scripts with errors like:

~/securedrop-https-everywhere-ruleset/https-everywhere ~/securedrop-https-everywhere-ruleset
 * Parsing XML ruleset and constructing JSON library...
Traceback (most recent call last):
  File "utils/merge-rulesets.py", line 50, in <module>
    tree = xml.etree.ElementTree.parse(filename)
  File "/usr/lib/python3.7/xml/etree/ElementTree.py", line 1197, in parse
    tree.parse(source, parser)
  File "/usr/lib/python3.7/xml/etree/ElementTree.py", line 598, in parse
    self._root = parser._parse_whole(source)
xml.etree.ElementTree.ParseError: not well-formed (invalid token): line 1, column 24

One workaround is to just not do that, but it would be good to properly escape string values being used in XML instead.

@zenmonkeykstop
Copy link
Contributor Author

(looks like there's already a fn to remove umlauts in sddir.py, could just generalize it a bit.)

@Cachora
Copy link

Cachora commented Feb 12, 2023

👍🏻

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants