Description of problem: As of Beaker 0.15, system notes are parsed as Markdown. However in default Markdown configuration, HTML tags are passed through as is (rather than being escaped). That means if a system note contains < > characters that aren't HTML, for example: Console is available via conserver at: console -l <user> <system_fqdn> they will be passed through as HTML tags and then Kid will fail to parse them. Version-Release number of selected component (if applicable): 0.15.0 How reproducible: always Steps to Reproduce: 1. Add a system note containing <something> Actual results: System page returns 500 error, stack trace is: 2013-10-03 10:23:48,188 cherrypy.msg INFO HTTP: Page handler: <bound method Root.view of <bkr.server.controllers.Root object at 0x5507590>> Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/CherryPy-2.3.0-py2.6.egg/cherrypy/_cphttptools.py", line 121, in _run self.main() File "/usr/lib/python2.6/site-packages/CherryPy-2.3.0-py2.6.egg/cherrypy/_cphttptools.py", line 264, in main body = page_handler(*virtual_path, **self.params) File "Server/bkr/server/controllers.py", line 885, in view return self._view_system_as_html(fqdn, **kwargs) File "<string>", line 3, in _view_system_as_html File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 361, in expose *args, **kw) File "/Server/bkr/server/wsgi.py", line 54, in run_with_transaction_noop return func(*args, **kwargs) File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 244, in _expose @abstract() File "<generated code>", line 0, in _expose File "/usr/lib/python2.6/site-packages/peak/rules/core.py", line 153, in __call__ return self.body(*args, **kw) File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 390, in <lambda> fragment, options, args, kw))) File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 451, in _execute_func fragment, **options) File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 100, in _process_output headers=headers, fragment=fragment, **options) File "/usr/lib/python2.6/site-packages/turbogears/view/base.py", line 203, in render return engine.render(**kw) File "/usr/lib/python2.6/site-packages/turbokid/kidsupport.py", line 220, in render output=output, format=format) File "/usr/lib/python2.6/site-packages/kid/__init__.py", line 301, in serialize raise_template_error(module=self.__module__) File "/usr/lib/python2.6/site-packages/kid/__init__.py", line 299, in serialize return serializer.serialize(self, encoding, fragment, format) File "/usr/lib/python2.6/site-packages/kid/serialization.py", line 107, in serialize text = ''.join(self.generate(stream, encoding, fragment, format)) File "/usr/lib/python2.6/site-packages/kid/serialization.py", line 629, in generate for ev, item in self.apply_filters(stream, format): File "/usr/lib/python2.6/site-packages/kid/serialization.py", line 165, in format_stream for ev, item in stream: File "/usr/lib/python2.6/site-packages/kid/parser.py", line 221, in _coalesce for ev, item in stream: File "/usr/lib/python2.6/site-packages/kid/serialization.py", line 477, in inject_meta_tags for ev, item in stream: File "/usr/lib/python2.6/site-packages/kid/parser.py", line 179, in _track for p in stream: File "/usr/lib/python2.6/site-packages/kid/filter.py", line 32, in apply_matches item = stream.expand() File "/usr/lib/python2.6/site-packages/kid/parser.py", line 108, in expand for ev, item in self._iter: File "/usr/lib/python2.6/site-packages/kid/parser.py", line 179, in _track for p in stream: File "/usr/lib/python2.6/site-packages/kid/parser.py", line 221, in _coalesce for ev, item in stream: File "/home/dcallagh/work/beaker/Server/bkr/server/templates/system.py", line 407, in _pull File "/usr/lib/python2.6/site-packages/turbogears/widgets/meta.py", line 99, in lockwidget output = self.__class__.display(self, *args, **kw) File "/usr/lib/python2.6/site-packages/turbogears/widgets/base.py", line 401, in display return super(CompoundWidget, self).display(value, **params) File "/usr/lib/python2.6/site-packages/turbogears/widgets/forms.py", line 48, in _update_path returnval = func(self, *args, **kw) File "/usr/lib/python2.6/site-packages/turbogears/widgets/forms.py", line 232, in display return super(InputWidget, self).display(value, **params) File "/usr/lib/python2.6/site-packages/turbogears/widgets/base.py", line 297, in display output = transform(params, self.template_c) File "/usr/lib/python2.6/site-packages/turbokid/kidsupport.py", line 234, in transform return kid.ElementStream(template.transform()).expand() File "/usr/lib/python2.6/site-packages/kid/parser.py", line 108, in expand for ev, item in self._iter: File "/usr/lib/python2.6/site-packages/kid/parser.py", line 179, in _track for p in stream: File "/usr/lib/python2.6/site-packages/kid/parser.py", line 179, in _track for p in stream: File "/usr/lib/python2.6/site-packages/kid/filter.py", line 26, in apply_matches for ev, item in stream: File "/usr/lib/python2.6/site-packages/kid/parser.py", line 179, in _track for p in stream: File "/usr/lib/python2.6/site-packages/kid/parser.py", line 221, in _coalesce for ev, item in stream: File "Server/bkr/server/templates/system_notes.py", line 141, in _pull File "/usr/lib/python2.6/site-packages/kid/parser.py", line 179, in _track for p in stream: File "/usr/lib/python2.6/site-packages/kid/parser.py", line 130, in strip for ev, item in self._iter: File "/usr/lib/python2.6/site-packages/kid/parser.py", line 179, in _track for p in stream: File "/usr/lib/python2.6/site-packages/kid/parser.py", line 221, in _coalesce for ev, item in stream: File "/usr/lib/python2.6/site-packages/kid/parser.py", line 393, in __iter__ for ev, stuff in self._expat_stream(): File "/usr/lib/python2.6/site-packages/kid/parser.py", line 372, in _expat_stream feed(data) File "/usr/lib/python2.6/site-packages/kid/parser.py", line 434, in feed raise expat.ExpatError(e) ExpatError: Error parsing XML: console -l <user> ^ mismatched tag: line 2, column 72 Error location in template file 'Server/bkr/server/templates/system.kid' between line 93, column 3 and line 94, column 3: </div> Expected results: < and > characters should be escaped (no raw HTML pass-through permitted in system notes). Additional info: Need to set safe_mode='escape': http://pythonhosted.org/Markdown/reference.html#safe_mode
On Gerrit: http://gerrit.beaker-project.org/2324
Something for the future: https://github.com/waylan/Python-Markdown/issues/214
verified on beaker-devel Version 0.15.0(2013-10-8)-->pass Steps: 1. Add a system note containing <something> Actual results: same as expected results. Expected results: no Xml parsing error happens.
beaker 0.15.1 has been released.