BUG: HTML-escape function parameter default values

Such as `object()` rendering as `<object ...`, breaking HTML.

Tentatively fixes #108.

Author: kernc

pdoc/__init__.py

@@ -1100,10 +1100,21 @@ def _params(func_obj, annotate=False, link=None, module=None):
             return ["..."]
 
         def safe_default_value(p: inspect.Parameter):
+            if p.default is inspect.Parameter.empty:
+                return p
+
+            replacement = None
             if p.default is os.environ:
+                replacement = 'os.environ'
+            elif inspect.isclass(p.default):
+                replacement = p.default.__module__ + '.' + p.default.__qualname__
+            elif ' at 0x' in repr(p.default):
+                replacement = re.sub(r' at 0x\w+', '', repr(p.default))
+
+            if replacement:
                 class mock:
                     def __repr__(self):
-                        return 'os.environ'
+                        return replacement
                 return p.replace(default=mock())
             return p
 

pdoc/templates/html.mako

@@ -94,7 +94,7 @@
             if returns:
                 returns = ' ->\N{NBSP}' + returns
         %>
-        <span>${f.funcdef()} ${ident(f.name)}</span>(<span>${params})${returns}</span>
+        <span>${f.funcdef()} ${ident(f.name)}</span>(<span>${params | h})${returns | h}</span>
     </code></dt>
     <dd>${show_desc(f)}</dd>
   </%def>

pdoc/test/__init__.py

@@ -130,6 +130,7 @@ def _check_files(self, include_patterns=(), exclude_patterns=(), file_pattern='*
 
     def test_html(self):
         include_patterns = [
+            'a=<object',
             'CONST docstring',
             'var docstring',
             'foreign_var',
@@ -162,6 +163,7 @@ def test_html(self):
             ' class="ident">static',
         ]
         exclude_patterns = [
+            '<object ',
             ' class="ident">_private',
             ' class="ident">_Private',
         ]
@@ -264,6 +266,7 @@ def test_link_prefix(self):
 
     def test_text(self):
         include_patterns = [
+            'object_as_arg_default(*args, a=<object ',
             'CONST docstring',
             'var docstring',
             'foreign_var',
@@ -615,6 +618,9 @@ def test_Function_params(self):
                              lambda a=os.environ: None)
         self.assertEqual(func.params(), ['a=os.environ'])
 
+        func = pdoc.Function('f', mod, lambda a=object(): None)
+        self.assertEqual(func.params(), ['a=<object object>'])
+
         # typed
         def f(a: int, *b, c: typing.List[pdoc.Doc] = []): pass
         func = pdoc.Function('f', mod, f)

pdoc/test/example_pkg/__init__.py

@@ -18,7 +18,10 @@
 
 def foo(env=os.environ):
     """Doesn't leak environ"""
-    pass
+
+
+def object_as_arg_default(*args, a=object(), **kwargs):
+    """Html-encodes angle brackets in params"""
 
 
 class A: