# HG changeset patch
# User Augie Fackler <augie@google.com>
# Date 1508208283 14400
# Node ID 4fdc4adbc838e14516d3df8cd21f6212bf159d9a
# Parent  537de0b14030868e3e850ae388b08f88cabc88e8
templatefilters: defend against evil unicode strs in json filter

We only want to do I/O in terms of bytes, so lets explode early
instead of recursing forever.

Differential Revision: https://phab.mercurial-scm.org/D1136

diff -r 537de0b14030 -r 4fdc4adbc838 mercurial/templatefilters.py
--- a/mercurial/templatefilters.py	Wed Sep 20 19:38:06 2017 +0200
+++ b/mercurial/templatefilters.py	Mon Oct 16 22:44:43 2017 -0400
@@ -13,6 +13,7 @@
 
 from . import (
     encoding,
+    error,
     hbisect,
     node,
     pycompat,
@@ -233,6 +234,13 @@
         return pycompat.bytestr(obj)
     elif isinstance(obj, bytes):
         return '"%s"' % encoding.jsonescape(obj, paranoid=paranoid)
+    elif isinstance(obj, str):
+        # This branch is unreachable on Python 2, because bytes == str
+        # and we'll return in the next-earlier block in the elif
+        # ladder. On Python 3, this helps us catch bugs before they
+        # hurt someone.
+        raise error.ProgrammingError(
+            'Mercurial only does output with bytes on Python 3: %r' % obj)
     elif util.safehasattr(obj, 'keys'):
         out = ['"%s": %s' % (encoding.jsonescape(k, paranoid=paranoid),
                              json(v, paranoid))