3618: Unprintable characters in change description cause page to crash

ke***@keithmo******* (Google Code)
Jan. 11, 2015
What version are you running?
2.0.2 (still present in 2.1 alpha 0)

What's the URL of the page containing the problem?
/r/#

What steps will reproduce the problem?
1. Create a review request
2. Publish
3. Create a new revision, changing the description or summary to include unprintable characters
4. Publish

What is the expected output? What do you see instead?

I expect to see the page, not showing unprintable characters (or showing them specially).  Instead, the whole review is inaccessible with a 500 error page.

I was able to reproduce this on the demo.reviewboard.org site with the following command for the second revision (the "%0C" is what causes the problem):

curl -X PUT -H "Authorization: Basic $(printf guest9121:demo | openssl base64)" -s -d "summary=Escaped%20character;description=This%20is%20a%20%0Cield" http://demo.reviewboard.org/api/review-requests/30/draft/

When I do this on my server, the following shows up in the error logs.

2014-10-13 20:42:20,334 - ERROR -  - Exception thrown for user <redacted> at <redacted>

not well-formed (invalid token): line 1, column 28
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/Django-1.6.7-py2.7.egg/django/core/handlers/base.py", line 112, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/accounts/decorators.py", line 23, in _check
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/site/decorators.py", line 35, in _check
    return view_func(request, local_site=local_site, *args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/reviews/views.py", line 662, in review_detail
    changedesc.fields_changed[field_id])
  File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/reviews/fields.py", line 159, in get_change_entry_sections_html
    'rendered_html': mark_safe(self.render_change_entry_html(info)),
  File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/reviews/fields.py", line 486, in render_change_entry_html
    old_lines = list(iter_markdown_lines(old_value))
  File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/reviews/markdown_utils.py", line 131, in iter_markdown_lines
    nodes = get_markdown_element_tree(markdown_html)
  File "/usr/local/lib/python2.7/site-packages/ReviewBoard-2.0.2-py2.7.egg/reviewboard/reviews/markdown_utils.py", line 184, in get_markdown_element_tree
    doc = parseString(b'<html>%s</html>' % markdown_html)
  File "/usr/local/lib/python2.7/xml/dom/minidom.py", line 1928, in parseString
    return expatbuilder.parseString(string)
  File "/usr/local/lib/python2.7/xml/dom/expatbuilder.py", line 940, in parseString
    return builder.parseString(string)
  File "/usr/local/lib/python2.7/xml/dom/expatbuilder.py", line 223, in parseString
    parser.Parse(string, True)
ExpatError: not well-formed (invalid token): line 1, column 28

What operating system are you using? What browser?
Windows 7, Firefox

Please provide any additional information below.

The unprintable characters were due to a problem in one of my scripts (people had doxygen comments like "\brief" in their description, and the script passed it through "echo -ne" at one point).

The unprintable characters are handled fine in the review normally (not displayed in the description, shows up as a colored dot when editing), but as soon as it shows up in a change description, it's toast.

I can understand this is a "don't do that" situation, but it would be good if it was hardened to show _something_ besides a 505 page.
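
The failure in the traceback above can be reproduced in isolation: expat rejects any character outside the XML 1.0 Char production, so a form feed inside the wrapped HTML aborts the parse. The following is an added example, not Review Board's code or its actual fix; the function names and the sample string are assumptions, and it targets Python 3 rather than the Python 2.7 shown in the report.

```python
import re
from xml.dom.minidom import parseString
from xml.parsers.expat import ExpatError

# Characters outside the XML 1.0 "Char" production; expat rejects them
# with "not well-formed (invalid token)".
_XML_ILLEGAL = re.compile(
    '[^\u0009\u000a\u000d\u0020-\ud7ff\ue000-\ufffd\U00010000-\U0010ffff]')


def strip_xml_illegal(text):
    """Drop characters that XML 1.0 forbids (form feed, NUL, ESC, ...)."""
    return _XML_ILLEGAL.sub('', text)


def parse_fragment(html):
    """Wrap rendered HTML as the traceback shows and parse it.

    Raises ExpatError on illegal characters, like the reported crash.
    """
    return parseString(('<html>%s</html>' % html).encode('utf-8'))


def parse_fragment_hardened(html):
    """Sanitize first; return None instead of raising on bad markup."""
    try:
        return parse_fragment(strip_xml_illegal(html))
    except ExpatError:
        return None  # caller shows a plain-text fallback, not a 500


def text_of(doc):
    """Concatenate all text nodes under the document root."""
    out = []

    def walk(node):
        if node.nodeType == node.TEXT_NODE:
            out.append(node.data)
        for child in node.childNodes:
            walk(child)

    walk(doc.documentElement)
    return ''.join(out)


# Constructed sample: the description from the report with "%0C" decoded.
SAMPLE = '<p>This is a \x0cield</p>'
```

Stripping happens before parsing, and the `except` branch covers markup that is malformed for other reasons, so the view can degrade to plain text instead of propagating the exception.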
#1 david
Showing an error message is probably pretty easy to do.
  • +EasyFix
    +Project-ReviewBoard
    +Component-Reviews
#2 theo.b******@gmai***** (Google Code)
Theo here, I'm going to try and fix this bug.  W2015.
#3 david
This is fixed in 2.0.12. Sorry for leading you down the rabbit hole.
  • +Fixed
#4 theo.b******@gmai***** (Google Code)
This bug has already been fixed.