diff options
| author | Tres Seaver <tseaver@palladion.com> | 2013-10-17 09:12:10 -0700 |
|---|---|---|
| committer | Tres Seaver <tseaver@palladion.com> | 2013-10-17 09:12:10 -0700 |
| commit | c0a6d0ef43c681a83084523c63203e50a3c8607a (patch) | |
| tree | cef2dd60ec9bcc4e03d76362b0b69d18e3606f60 /docs | |
| parent | 1034327081839902e691236f60b2a85f74bbc4e3 (diff) | |
| parent | 592ec0178d25767859523c1ac221c6f3cb303875 (diff) | |
| download | pyramid-c0a6d0ef43c681a83084523c63203e50a3c8607a.tar.gz pyramid-c0a6d0ef43c681a83084523c63203e50a3c8607a.tar.bz2 pyramid-c0a6d0ef43c681a83084523c63203e50a3c8607a.zip | |
Merge pull request #1168 from jthemphill/patch-1
Add HTML escaping to views.py in the wiki2 tutorial
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/tutorials/wiki2/src/views/tutorial/views.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/docs/tutorials/wiki2/src/views/tutorial/views.py b/docs/tutorials/wiki2/src/views/tutorial/views.py index 5a9c75a61..d54b2a7aa 100644 --- a/docs/tutorials/wiki2/src/views/tutorial/views.py +++ b/docs/tutorials/wiki2/src/views/tutorial/views.py @@ -1,3 +1,4 @@ +import cgi import re from docutils.core import publish_parts @@ -32,10 +33,10 @@ def view_page(request): exists = DBSession.query(Page).filter_by(name=word).all() if exists: view_url = request.route_url('view_page', pagename=word) - return '<a href="%s">%s</a>' % (view_url, word) + return '<a href="%s">%s</a>' % (view_url, cgi.escape(word)) else: add_url = request.route_url('add_page', pagename=word) - return '<a href="%s">%s</a>' % (add_url, word) + return '<a href="%s">%s</a>' % (add_url, cgi.escape(word)) content = publish_parts(page.data, writer_name='html')['html_body'] content = wikiwords.sub(check, content) |