| author | westurner <wes.turner@gmail.com> | 2014-04-15 11:55:10 -0500 |
|---|---|---|
| committer | westurner <wes.turner@gmail.com> | 2014-04-15 11:55:10 -0500 |
| commit | 4083b3bb431b464f330fb17e22a6465aeb6f2fe0 (patch) | |
| tree | c864c7d12cceb8ba264ff11c30ef00251df747aa /docs/quick_tour/views | |
| parent | f1f35b771cb361a0e6e47a271292d48bf21c3cdd (diff) | |
DOC: Comment re: XSS, PEP8 imports, typo
Diffstat (limited to 'docs/quick_tour/views')
| -rw-r--r-- | docs/quick_tour/views/views.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/docs/quick_tour/views/views.py b/docs/quick_tour/views/views.py
index 0ca1347f2..1449cbb38 100644
--- a/docs/quick_tour/views/views.py
+++ b/docs/quick_tour/views/views.py
@@ -1,8 +1,9 @@
+import cgi
+
 from pyramid.httpexceptions import HTTPFound
 from pyramid.response import Response
 from pyramid.view import view_config
-import cgi
 # First view, available at http://localhost:6543/
 @view_config(route_name='home')
@@ -15,6 +16,7 @@ def home_view(request):
 def hello_view(request):
     name = request.params.get('name', 'No Name')
     body = '<p>Hi %s, this <a href="/goto">redirects</a></p>'
+    # cgi.escape to prevent Cross-Site Scripting (XSS) [CWE 79]
     return Response(body % cgi.escape(name))
@@ -24,7 +26,7 @@ def redirect_view(request):
     return HTTPFound(location="/problem")
-# /problem which causes an site error
+# /problem which causes a site error
 @view_config(route_name='exception')
 def exception_view(request):
     raise Exception()
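Review bot: The comment added above `return Response(body % cgi.escape(name))` over-promises: `cgi.escape` leaves `"` and `'` unescaped unless `quote=True` is passed, so it is adequate for element text (the case here, inside `<p>`) but not for an attribute value, and readers copying this pattern will not know the difference. `cgi.escape` is also deprecated since Python 3.2 in favour of `html.escape`, which escapes quotes by default; where Python 3 is available use `html.escape(name)`, otherwise `cgi.escape(name, quote=True)` is the safer spelling. Make the comment state the scope, e.g. `# escape untrusted input before interpolating it into HTML (XSS, CWE-79); cgi.escape leaves quotes alone unless quote=True, so only use it for element text`. The `@view_config` decorator for `hello_view` lies outside the hunk.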
