Patchwork D1136: templatefilters: defend against evil unicode strs in json filter

login
register
mail settings
Submitter phabricator
Date Oct. 18, 2017, 12:46 p.m.
Message ID <9a39fa5a14be57f6234e18926a239f31@localhost.localdomain>
Download mbox | patch
Permalink /patch/25155/
State Not Applicable
Headers show

Comments

phabricator - Oct. 18, 2017, 12:46 p.m.
This revision was automatically updated to reflect the committed changes.
Closed by commit rHG4fdc4adbc838: templatefilters: defend against evil unicode strs in json filter (authored by durin42, committed by ).

CHANGED PRIOR TO COMMIT
  https://phab.mercurial-scm.org/D1136?vs=2917&id=2966#toc

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST UPDATE
  https://phab.mercurial-scm.org/D1136?vs=2917&id=2966

REVISION DETAIL
  https://phab.mercurial-scm.org/D1136

AFFECTED FILES
  mercurial/templatefilters.py

CHANGE DETAILS




To: durin42, #hg-reviewers, yuja
Cc: yuja, ryanmce, mercurial-devel

Patch

diff --git a/mercurial/templatefilters.py b/mercurial/templatefilters.py
--- a/mercurial/templatefilters.py
+++ b/mercurial/templatefilters.py
@@ -13,6 +13,7 @@ 
 
 from . import (
     encoding,
+    error,
     hbisect,
     node,
     pycompat,
@@ -233,6 +234,13 @@ 
         return pycompat.bytestr(obj)
     elif isinstance(obj, bytes):
         return '"%s"' % encoding.jsonescape(obj, paranoid=paranoid)
+    elif isinstance(obj, str):
+        # This branch is unreachable on Python 2, because bytes == str
+        # and we'll return in the next-earlier block in the elif
+        # ladder. On Python 3, this helps us catch bugs before they
+        # hurt someone.
+        raise error.ProgrammingError(
+            'Mercurial only does output with bytes on Python 3: %r' % obj)
     elif util.safehasattr(obj, 'keys'):
         out = ['"%s": %s' % (encoding.jsonescape(k, paranoid=paranoid),
                              json(v, paranoid))