authorMichael Merickel <michael@merickel.org>2014-08-06 11:59:45 -0500
committerMichael Merickel <michael@merickel.org>2014-08-06 11:59:45 -0500
commit9279468d0e4d411652a735e28839bd8a5504ced6 (patch)
tree580c1efc1044325a20a242a212d647b81cde6088 /docs/quick_tour
parent407b335ed9954c042377fd2e060c36edcd07cf60 (diff)
parent3587a53dc28b8f6411816ccd7fd8fdee0d88acb4 (diff)
Merge branch 'master' into feature.override-asset-with-absolute-path
Diffstat (limited to 'docs/quick_tour')
-rw-r--r--docs/quick_tour/awesome/setup.cfg28
-rw-r--r--docs/quick_tour/package/setup.cfg28
-rw-r--r--docs/quick_tour/sqla_demo/setup.cfg27
-rw-r--r--docs/quick_tour/views/views.py7
4 files changed, 5 insertions, 85 deletions
diff --git a/docs/quick_tour/awesome/setup.cfg b/docs/quick_tour/awesome/setup.cfg
deleted file mode 100644
index b1cd90d2c..000000000
--- a/docs/quick_tour/awesome/setup.cfg
+++ /dev/null
@@ -1,28 +0,0 @@
-[nosetests]
-match = ^test
-nocapture = 1
-cover-package = awesome
-with-coverage = 1
-cover-erase = 1
-
-[compile_catalog]
-directory = awesome/locale
-domain = awesome
-statistics = true
-
-[extract_messages]
-add_comments = TRANSLATORS:
-output_file = awesome/locale/awesome.pot
-width = 80
-mapping_file = message-extraction.ini
-
-[init_catalog]
-domain = awesome
-input_file = awesome/locale/awesome.pot
-output_dir = awesome/locale
-
-[update_catalog]
-domain = awesome
-input_file = awesome/locale/awesome.pot
-output_dir = awesome/locale
-previous = true
diff --git a/docs/quick_tour/package/setup.cfg b/docs/quick_tour/package/setup.cfg
deleted file mode 100644
index 186e796fc..000000000
--- a/docs/quick_tour/package/setup.cfg
+++ /dev/null
@@ -1,28 +0,0 @@
-[nosetests]
-match = ^test
-nocapture = 1
-cover-package = hello_world
-with-coverage = 1
-cover-erase = 1
-
-[compile_catalog]
-directory = hello_world/locale
-domain = hello_world
-statistics = true
-
-[extract_messages]
-add_comments = TRANSLATORS:
-output_file = hello_world/locale/hello_world.pot
-width = 80
-mapping_file = message-extraction.ini
-
-[init_catalog]
-domain = hello_world
-input_file = hello_world/locale/hello_world.pot
-output_dir = hello_world/locale
-
-[update_catalog]
-domain = hello_world
-input_file = hello_world/locale/hello_world.pot
-output_dir = hello_world/locale
-previous = true
diff --git a/docs/quick_tour/sqla_demo/setup.cfg b/docs/quick_tour/sqla_demo/setup.cfg
deleted file mode 100644
index 9f91cd122..000000000
--- a/docs/quick_tour/sqla_demo/setup.cfg
+++ /dev/null
@@ -1,27 +0,0 @@
-[nosetests]
-match=^test
-nocapture=1
-cover-package=sqla_demo
-with-coverage=1
-cover-erase=1
-
-[compile_catalog]
-directory = sqla_demo/locale
-domain = sqla_demo
-statistics = true
-
-[extract_messages]
-add_comments = TRANSLATORS:
-output_file = sqla_demo/locale/sqla_demo.pot
-width = 80
-
-[init_catalog]
-domain = sqla_demo
-input_file = sqla_demo/locale/sqla_demo.pot
-output_dir = sqla_demo/locale
-
-[update_catalog]
-domain = sqla_demo
-input_file = sqla_demo/locale/sqla_demo.pot
-output_dir = sqla_demo/locale
-previous = true
diff --git a/docs/quick_tour/views/views.py b/docs/quick_tour/views/views.py
index 9dc795f14..1449cbb38 100644
--- a/docs/quick_tour/views/views.py
+++ b/docs/quick_tour/views/views.py
@@ -1,3 +1,5 @@
+import cgi
+
from pyramid.httpexceptions import HTTPFound
from pyramid.response import Response
from pyramid.view import view_config
@@ -14,7 +16,8 @@ def home_view(request):
def hello_view(request):
name = request.params.get('name', 'No Name')
body = '<p>Hi %s, this <a href="/goto">redirects</a></p>'
- return Response(body % name)
+ # cgi.escape to prevent Cross-Site Scripting (XSS) [CWE 79]
+ return Response(body % cgi.escape(name))
# /goto which issues HTTP redirect to the last view
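Review bot: `cgi.escape(name)` in hello_view is called without `quote=True`, so `&`, `<` and `>` are escaped but a double quote in the `name` parameter passes through unchanged. That is enough for the current template, where the value lands in element content after `<p>Hi`, but it would not be if the value were ever placed inside an attribute; `return Response(body % cgi.escape(name, quote=True))` covers both contexts. `cgi.escape` is also deprecated on Python 3 in favour of `html.escape`, which escapes quotes by default, so the `import cgi` added in the first hunk may need a version-conditional import if this sample has to run on newer interpreters. The decorator for hello_view is not visible in the hunk.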
@@ -23,7 +26,7 @@ def redirect_view(request):
return HTTPFound(location="/problem")
-# /problem which causes an site error
+# /problem which causes a site error
@view_config(route_name='exception')
def exception_view(request):
raise Exception()