From 741d244c5aeeb703bdfc7f33d0337b45e4254e40 Mon Sep 17 00:00:00 2001
From: Chris Caron <lead2gold@gmail.com>
Date: Sun, 10 Mar 2019 12:24:57 -0400
Subject: [PATCH] escape_html bulletproofing

---
 apprise/URLBase.py       | 6 +++---
 test/test_notify_base.py | 5 +++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/apprise/URLBase.py b/apprise/URLBase.py
index f185d87b..fff8266e 100644
--- a/apprise/URLBase.py
+++ b/apprise/URLBase.py
@@ -24,6 +24,7 @@
 # THE SOFTWARE.
 
 import re
+import six
 import logging
 from time import sleep
 from datetime import datetime
@@ -199,9 +200,8 @@ class URLBase(object):
         Returns:
             str: The escaped html
         """
-        if not html:
-            # nothing more to do; return object as is
-            return html
+        if not isinstance(html, six.string_types) or not html:
+            return ''
 
         # Escape HTML
         escaped = sax_escape(html, {"'": "&apos;", "\"": "&quot;"})
diff --git a/test/test_notify_base.py b/test/test_notify_base.py
index 91a88a3d..3c03aff2 100644
--- a/test/test_notify_base.py
+++ b/test/test_notify_base.py
@@ -196,6 +196,11 @@ def test_notify_base():
         '/path/?name=Dr%20Disrespect', unquote=True) == \
         ['path', '?name=Dr', 'Disrespect']
 
+    # Give nothing, get nothing
+    assert NotifyBase.escape_html("") == ""
+    assert NotifyBase.escape_html(None) == ""
+    assert NotifyBase.escape_html(object()) == ""
+
     # Test quote
     assert NotifyBase.unquote('%20') == ' '
     assert NotifyBase.quote(' ') == '%20'