commit ccb3b8d17ddf228c903a3abaabf80ba179dadb3a Author: Robert Ransom rransom.8774@gmail.com Date: Thu Apr 30 05:21:50 2015 -0700
HTML-encode bridge lines properly --- lib/bridgedb/HTTPServer.py | 4 +++- lib/bridgedb/templates/bridges.html | 5 +++-- 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/lib/bridgedb/HTTPServer.py b/lib/bridgedb/HTTPServer.py index 2e0398c..47ea298 100644 --- a/lib/bridgedb/HTTPServer.py +++ b/lib/bridgedb/HTTPServer.py @@ -56,6 +56,7 @@ from bridgedb.qrcodes import generateQR from bridgedb.safelog import logSafely from bridgedb.schedule import Unscheduled from bridgedb.schedule import ScheduledInterval +from bridgedb.util import htmlify_string
TEMPLATE_DIR = os.path.join(os.path.dirname(__file__), 'templates') @@ -786,7 +787,8 @@ class WebResourceBridges(resource.Resource): rtl=rtl, lang=langs[0], answer=bridgeLines, - qrcode=qrcode) + qrcode=qrcode, + htmlify_string=htmlify_string) except Exception as err: rendered = replaceErrorPage(err)
diff --git a/lib/bridgedb/templates/bridges.html b/lib/bridgedb/templates/bridges.html index 8048919..0ecf1d4 100644 --- a/lib/bridgedb/templates/bridges.html +++ b/lib/bridgedb/templates/bridges.html @@ -1,7 +1,8 @@ ## -*- coding: utf-8 -*-
<%inherit file="base.html"/> -<%page args="strings, rtl=False, lang='en', answer=0, qrcode=0, **kwargs"/> +<%page args="strings, rtl=False, lang='en', answer=0, qrcode=0, + htmlify_string=None, **kwargs"/>
</div> </div> @@ -66,7 +67,7 @@ <div class="row" id="bridgesrow1"> <div class="col col-lg-12"> <div class="bridge-lines" id="bridgelines"> -${answer.replace("\n", "<br />")} +${htmlify_string(answer)} </div> </div> </div>