diff options
author | Florent Le Coz <louiz@louiz.org> | 2011-11-08 02:07:40 +0100 |
---|---|---|
committer | Florent Le Coz <louiz@louiz.org> | 2011-11-08 02:07:40 +0100 |
commit | d83eda6fd4fc74d5bedb1ca860c1015e7e0d3732 (patch) | |
tree | 4efdc04c3343381b387024838353af43e8bac843 /src | |
parent | 1ccfd09552a3ee6fa1feb4181bccf862ca21417e (diff) | |
download | poezio-d83eda6fd4fc74d5bedb1ca860c1015e7e0d3732.tar.gz poezio-d83eda6fd4fc74d5bedb1ca860c1015e7e0d3732.tar.bz2 poezio-d83eda6fd4fc74d5bedb1ca860c1015e7e0d3732.tar.xz poezio-d83eda6fd4fc74d5bedb1ca860c1015e7e0d3732.zip |
escape <, > and & in xhtml-im bodies.
Diffstat (limited to 'src')
-rw-r--r-- | src/xhtml.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/xhtml.py b/src/xhtml.py index 5eda635b..44195f90 100644 --- a/src/xhtml.py +++ b/src/xhtml.py @@ -16,7 +16,11 @@ import re import subprocess import curses from sleekxmpp.xmlstream import ET + +import xml.sax.saxutils + from xml.etree.ElementTree import ElementTree + from sys import version_info from config import config @@ -401,7 +405,7 @@ def poezio_colors_to_html(string): while next_attr_char != -1: attr_char = string[next_attr_char+1].lower() if next_attr_char != 0: - res += string[:next_attr_char] + res += xml.sax.saxutils.escape(string[:next_attr_char]) if attr_char == 'o': for elem in opened_elements[::-1]: res += '</%s>' % (elem,) @@ -425,7 +429,7 @@ def poezio_colors_to_html(string): else: string = string[next_attr_char+2:] next_attr_char = string.find('\x19') - res += string + res += xml.sax.saxutils.escape(string) for elem in opened_elements[::-1]: res += '</%s>' % (elem,) res += "</p></body>" |