~loggerhead-team/loggerhead/trunk-rich

Viewing changes to loggerhead/controllers/view_ui.py

  • Committer: William Grant
  • Date: 2011-03-24 23:02:29 UTC
  • mfrom: (441.1.7 xss-fix)
  • Revision ID: william.grant@canonical.com-20110324230229-zq85fy6aqvlyylbu
Improve escaping of filenames in revision views. Fixes a couple of XSS holes.

17
17
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
18
18
#
19
19
 
20
 
import cgi
21
20
import os
22
21
import time
23
22
 
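Review bot: with `import cgi` dropped from the import block at old line 20, nothing in this hunk shows `util` being imported, although the following hunk calls `util.html_escape`. Confirm that the module already imports `util` (the visible context only shows `os` and `time`) and that no other `cgi.` reference remains in the file, otherwise the view fails with a NameError when the page is requested.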
65
64
            extra_lines = len(file_lines) - len(hl_lines)
66
65
            hl_lines.extend([u''] * extra_lines)
67
66
        else:
68
 
            hl_lines = map(cgi.escape, file_lines)
 
67
            hl_lines = map(util.html_escape, file_lines)
69
68
        
70
69
        return hl_lines;
71
70
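Review bot: in the `else:` branch, `map(util.html_escape, file_lines)` is only as strong as `util.html_escape`, and that helper is not part of this diff. `cgi.escape` without `quote=True` leaves double quotes intact, so the swap closes an attribute-context hole only if the new helper escapes `"` (and ideally `'`) as well as `<`, `>` and `&`; a test that pushes a line containing all five characters through this fallback path would pin that down. The commit message talks about filenames while this line escapes file contents, so a short comment explaining why the non-highlighted path needs the stronger escaper would help the next reader. Minor style point: the trailing semicolon on `return hl_lines;` could be dropped while this function is being touched.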