From c90471defdd552b4a8c2073914cfd49e7d9f2ca0 Mon Sep 17 00:00:00 2001
From: Paul Everitt <paul@agendaless.com>
Date: Mon, 12 Aug 2013 19:59:33 -0400
Subject: Forgot to add the subdir

---
 docs/quick_tour/views/app.py   | 13 +++++++++++++
 docs/quick_tour/views/views.py | 29 +++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 docs/quick_tour/views/app.py
 create mode 100644 docs/quick_tour/views/views.py

(limited to 'docs/quick_tour/views')

diff --git a/docs/quick_tour/views/app.py b/docs/quick_tour/views/app.py
new file mode 100644
index 000000000..54dc9ed4b
--- /dev/null
+++ b/docs/quick_tour/views/app.py
@@ -0,0 +1,13 @@
+from wsgiref.simple_server import make_server
+from pyramid.config import Configurator
+
+if __name__ == '__main__':
+    config = Configurator()
+    config.add_route('home', '/')
+    config.add_route('hello', '/howdy')
+    config.add_route('redirect', '/goto')
+    config.add_route('exception', '/problem')
+    config.scan('views')
+    app = config.make_wsgi_app()
+    server = make_server('0.0.0.0', 6543, app)
+    server.serve_forever()
\ No newline at end of file
diff --git a/docs/quick_tour/views/views.py b/docs/quick_tour/views/views.py
new file mode 100644
index 000000000..9dc795f14
--- /dev/null
+++ b/docs/quick_tour/views/views.py
@@ -0,0 +1,29 @@
+from pyramid.httpexceptions import HTTPFound
+from pyramid.response import Response
+from pyramid.view import view_config
+
+
+# First view, available at http://localhost:6543/
+@view_config(route_name='home')
+def home_view(request):
+    return Response('<p>Visit <a href="/howdy?name=lisa">hello</a></p>')
+
+
+# /howdy?name=alice which links to the next view
+@view_config(route_name='hello')
+def hello_view(request):
+    name = request.params.get('name', 'No Name')
+    body = '<p>Hi %s, this <a href="/goto">redirects</a></p>'
+    return Response(body % name)
+
+
+# /goto which issues HTTP redirect to the last view
+@view_config(route_name='redirect')
+def redirect_view(request):
+    return HTTPFound(location="/problem")
+
+
+# /problem which causes an site error
+@view_config(route_name='exception')
+def exception_view(request):
+    raise Exception()
-- 
cgit v1.2.3


From f1f35b771cb361a0e6e47a271292d48bf21c3cdd Mon Sep 17 00:00:00 2001
From: westurner <wes.turner@gmail.com>
Date: Tue, 15 Apr 2014 10:27:38 -0500
Subject: DOC: Add cgi.escape to quick_tour/views/views.py (Fixes #1294)

---
 docs/quick_tour/views/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'docs/quick_tour/views')

diff --git a/docs/quick_tour/views/views.py b/docs/quick_tour/views/views.py
index 9dc795f14..0ca1347f2 100644
--- a/docs/quick_tour/views/views.py
+++ b/docs/quick_tour/views/views.py
@@ -2,6 +2,7 @@ from pyramid.httpexceptions import HTTPFound
 from pyramid.response import Response
 from pyramid.view import view_config
 
+import cgi
 
 # First view, available at http://localhost:6543/
 @view_config(route_name='home')
@@ -14,7 +15,7 @@ def home_view(request):
 def hello_view(request):
     name = request.params.get('name', 'No Name')
     body = '<p>Hi %s, this <a href="/goto">redirects</a></p>'
-    return Response(body % name)
+    return Response(body % cgi.escape(name))
 
 
 # /goto which issues HTTP redirect to the last view
-- 
cgit v1.2.3


From 4083b3bb431b464f330fb17e22a6465aeb6f2fe0 Mon Sep 17 00:00:00 2001
From: westurner <wes.turner@gmail.com>
Date: Tue, 15 Apr 2014 11:55:10 -0500
Subject: DOC: Comment re: XSS, PEP8 imports, typo

---
 docs/quick_tour/views/views.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'docs/quick_tour/views')

diff --git a/docs/quick_tour/views/views.py b/docs/quick_tour/views/views.py
index 0ca1347f2..1449cbb38 100644
--- a/docs/quick_tour/views/views.py
+++ b/docs/quick_tour/views/views.py
@@ -1,8 +1,9 @@
+import cgi
+
 from pyramid.httpexceptions import HTTPFound
 from pyramid.response import Response
 from pyramid.view import view_config
 
-import cgi
 
 # First view, available at http://localhost:6543/
 @view_config(route_name='home')
@@ -15,6 +16,7 @@ def home_view(request):
 def hello_view(request):
     name = request.params.get('name', 'No Name')
     body = '<p>Hi %s, this <a href="/goto">redirects</a></p>'
+    # cgi.escape to prevent Cross-Site Scripting (XSS) [CWE 79]
     return Response(body % cgi.escape(name))
 
 
@@ -24,7 +26,7 @@ def redirect_view(request):
     return HTTPFound(location="/problem")
 
 
-# /problem which causes an site error
+# /problem which causes a site error
 @view_config(route_name='exception')
 def exception_view(request):
     raise Exception()
-- 
cgit v1.2.3


From 257ac062342d5b2cd18b47737cf9fb94aa528b8a Mon Sep 17 00:00:00 2001
From: Steve Piercy <web@stevepiercy.com>
Date: Fri, 22 Jan 2016 00:29:38 -0800
Subject: Overhaul Quick Tour: start to "Quick project startup with scaffolds"

---
 docs/quick_tour/views/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'docs/quick_tour/views')

diff --git a/docs/quick_tour/views/app.py b/docs/quick_tour/views/app.py
index 54dc9ed4b..e8df6eff2 100644
--- a/docs/quick_tour/views/app.py
+++ b/docs/quick_tour/views/app.py
@@ -10,4 +10,4 @@ if __name__ == '__main__':
     config.scan('views')
     app = config.make_wsgi_app()
     server = make_server('0.0.0.0', 6543, app)
-    server.serve_forever()
\ No newline at end of file
+    server.serve_forever()
-- 
cgit v1.2.3