authorFlorent Le Coz <louiz@louiz.org>2011-11-08 02:07:40 +0100
committerFlorent Le Coz <louiz@louiz.org>2011-11-08 02:07:40 +0100
commitd83eda6fd4fc74d5bedb1ca860c1015e7e0d3732 (patch)
tree4efdc04c3343381b387024838353af43e8bac843
parent1ccfd09552a3ee6fa1feb4181bccf862ca21417e (diff)
escape <, > and & in xhtml-im bodies.
-rw-r--r--src/xhtml.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/xhtml.py b/src/xhtml.py
index 5eda635b..44195f90 100644
--- a/src/xhtml.py
+++ b/src/xhtml.py
@@ -16,7 +16,11 @@ import re
import subprocess
import curses
from sleekxmpp.xmlstream import ET
+
+import xml.sax.saxutils
+
from xml.etree.ElementTree import ElementTree
+
from sys import version_info
from config import config
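Review bot: The new `import xml.sax.saxutils` sits after the third-party `sleekxmpp` import and is set off by blank lines, which splits the standard-library imports into several small groups. Moving it up beside `import subprocess` and `import curses` keeps the stdlib group together. Writing it as `from xml.sax.saxutils import escape` would also shorten both call sites to `escape(...)` and avoid binding the top-level name `xml` in this module.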
@@ -401,7 +405,7 @@ def poezio_colors_to_html(string):
while next_attr_char != -1:
attr_char = string[next_attr_char+1].lower()
if next_attr_char != 0:
- res += string[:next_attr_char]
+ res += xml.sax.saxutils.escape(string[:next_attr_char])
if attr_char == 'o':
for elem in opened_elements[::-1]:
res += '</%s>' % (elem,)
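Review bot: The escaped slice on the `res += xml.sax.saxutils.escape(string[:next_attr_char])` line, and the matching tail in the last hunk, have no comment explaining why only these pieces are escaped while the tags the function emits itself are not. I would add above it `# user text becomes an XHTML text node: escape &, < and > so it cannot be parsed as markup`. By default `escape` leaves quotes untouched, so the comment should also say that the result is safe only as element content, not inside an attribute value. The loop and the rest of `poezio_colors_to_html` start and end outside this hunk.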
@@ -425,7 +429,7 @@ def poezio_colors_to_html(string):
else:
string = string[next_attr_char+2:]
next_attr_char = string.find('\x19')
- res += string
+ res += xml.sax.saxutils.escape(string)
for elem in opened_elements[::-1]:
res += '</%s>' % (elem,)
res += "</p></body>"
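Review bot: `xml.sax.saxutils.escape(string)` on the tail replaces only `&`, `<` and `>`, so characters that XML 1.0 forbids outright (C0 controls other than tab, LF and CR) still reach the body unchanged. Whether the input can contain any besides the `\x19` markers the loop consumes is not visible here, so the caller may already handle this. If it does not, stripping them before escaping keeps the generated body well-formed, e.g. `string = re.sub(r'[\x00-\x08\x0b\x0c\x0e-\x1f]', '', string)`. The same applies to the slice escaped in the previous hunk.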