If the organization name for an instance includes double quotes, they will be included without escaping in the reuleset XML, breaking HTTPSE's scripts with errors like:
~/securedrop-https-everywhere-ruleset/https-everywhere ~/securedrop-https-everywhere-ruleset
* Parsing XML ruleset and constructing JSON library...
Traceback (most recent call last):
File "utils/merge-rulesets.py", line 50, in <module>
tree = xml.etree.ElementTree.parse(filename)
File "/usr/lib/python3.7/xml/etree/ElementTree.py", line 1197, in parse
tree.parse(source, parser)
File "/usr/lib/python3.7/xml/etree/ElementTree.py", line 598, in parse
self._root = parser._parse_whole(source)
xml.etree.ElementTree.ParseError: not well-formed (invalid token): line 1, column 24
One workaround is to just not do that, but it would be good to properly escape string values being used in XML instead.
If the organization name for an instance includes double quotes, they will be included without escaping in the reuleset XML, breaking HTTPSE's scripts with errors like:
One workaround is to just not do that, but it would be good to properly escape string values being used in XML instead.