| author | Jeremy Chen <jeremy886@gmail.com> | 2017-08-30 22:35:18 +1000 |
|---|---|---|
| committer | Jeremy Chen <jeremy886@gmail.com> | 2017-08-30 22:35:18 +1000 |
| commit | cae6da810e5b0571a8e5f46da619fa7761ee62b9 (patch) | |
| tree | 7b35fd20e372b2d94fd9c402a95a5468da4ccc57 /docs/quick_tour/views | |
| parent | df2a517acb68100c679fc38bf0c53c5c15dde62f (diff) | |
change cgi.escape to pyramid compat.escape
Diffstat (limited to 'docs/quick_tour/views')
| -rw-r--r-- | docs/quick_tour/views/views.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/quick_tour/views/views.py b/docs/quick_tour/views/views.py
index 1449cbb38..9db8ef3c4 100644
--- a/docs/quick_tour/views/views.py
+++ b/docs/quick_tour/views/views.py
@@ -1,4 +1,4 @@
-import cgi
+from pyramid.compat import escape
 from pyramid.httpexceptions import HTTPFound
 from pyramid.response import Response
@@ -17,7 +17,7 @@ def hello_view(request):
 name = request.params.get('name', 'No Name')
 body = '<p>Hi %s, this <a href="/goto">redirects</a></p>'
 # cgi.escape to prevent Cross-Site Scripting (XSS) [CWE 79]
- return Response(body % cgi.escape(name))
+ return Response(body % escape(name))
 # /goto which issues HTTP redirect to the last view |
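Review bot: The comment kept just above the changed `return` in the second hunk still reads `# cgi.escape to prevent Cross-Site Scripting (XSS) [CWE 79]`, but the new side calls `escape` imported from `pyramid.compat` in the first hunk, so it names a function the file no longer imports. I would reword it to `# escape() HTML-encodes the user-supplied name to prevent Cross-Site Scripting (XSS) [CWE 79]`. Since this is tutorial code that readers copy, the comment could also say that `name` is placed in element content only: the compat alias presumably resolves to a different stdlib function depending on the interpreter, and `cgi.escape` leaves quotes unescaped unless `quote=True` is passed, so the same call should not be assumed safe inside an attribute value. The `def hello_view` line and anything above it sit outside the hunk.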
