Merge "Escape ec2 XML error responses"

author: Jenkins <jenkins@review.openstack.org> 2012-09-05 21:37:22 +0000
committer: Gerrit Code Review <review@openstack.org> 2012-09-05 21:37:22 +0000
commit: 95fb70be29d735a34549c91ac5967d4b5faec7b8 (patch)
tree: b6e01990f9bd0721ad8576a6ed31679fc2f6746c
parent: 04fe82e286d07356ce7d181b6d7148d6adef7675 (diff)
parent: f86b24935cf122183fcb9c523041d22071c3c0f1 (diff)
3 files changed, 10 insertions, 4 deletions
diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py
index 9613d0f8b..2ae685cec 100644
--- a/nova/api/ec2/__init__.py
+++ b/nova/api/ec2/__init__.py
@@ -84,8 +84,9 @@ def ec2_error(req, request_id, code, message):
                      '<Response><Errors><Error><Code>%s</Code>'
                      '<Message>%s</Message></Error></Errors>'
                      '<RequestID>%s</RequestID></Response>' %
-                     (utils.utf8(code), utils.utf8(message),
-                     utils.utf8(request_id)))
+                     (utils.xhtml_escape(utils.utf8(code)),
+                      utils.xhtml_escape(utils.utf8(message)),
+                      utils.xhtml_escape(utils.utf8(request_id))))
     return resp
 
 
diff --git a/nova/api/ec2/faults.py b/nova/api/ec2/faults.py
index 92bb4f6e7..ef16f086e 100644
--- a/nova/api/ec2/faults.py
+++ b/nova/api/ec2/faults.py
@@ -58,7 +58,8 @@ class Fault(webob.exc.HTTPException):
                          '<Response><Errors><Error><Code>%s</Code>'
                          '<Message>%s</Message></Error></Errors>'
                          '<RequestID>%s</RequestID></Response>' %
-                         (utils.utf8(code), utils.utf8(message),
-                         utils.utf8(ctxt.request_id)))
+                         (utils.xhtml_escape(utils.utf8(code)),
+                          utils.xhtml_escape(utils.utf8(message)),
+                          utils.xhtml_escape(utils.utf8(ctxt.request_id))))
 
         return resp
diff --git a/nova/tests/test_utils.py b/nova/tests/test_utils.py
index 39dc9ab6d..531778212 100644
--- a/nova/tests/test_utils.py
+++ b/nova/tests/test_utils.py
@@ -460,6 +460,10 @@ class GenericUtilsTestCase(test.TestCase):
     def test_xhtml_escape(self):
         self.assertEqual('&quot;foo&quot;', utils.xhtml_escape('"foo"'))
         self.assertEqual('&apos;foo&apos;', utils.xhtml_escape("'foo'"))
+        self.assertEqual('&amp;', utils.xhtml_escape('&'))
+        self.assertEqual('&gt;', utils.xhtml_escape('>'))
+        self.assertEqual('&lt;', utils.xhtml_escape('<'))
+        self.assertEqual('&lt;foo&gt;', utils.xhtml_escape('<foo>'))
 
     def test_hash_file(self):
         data = 'Mary had a little lamb, its fleece as white as snow'
author	Jenkins <jenkins@review.openstack.org>	2012-09-05 21:37:22 +0000
committer	Gerrit Code Review <review@openstack.org>	2012-09-05 21:37:22 +0000
commit	95fb70be29d735a34549c91ac5967d4b5faec7b8 (patch)
tree	b6e01990f9bd0721ad8576a6ed31679fc2f6746c
parent	04fe82e286d07356ce7d181b6d7148d6adef7675 (diff)
parent	f86b24935cf122183fcb9c523041d22071c3c0f1 (diff)