HTML-escape qutescheme texts

Florian Bruhin 2014-04-22 15:28:48 +02:00
parent abb5c06ee6
commit 786404add4


@ -23,6 +23,7 @@ Module attributes:
""" """
import logging import logging
import cgi
from qutebrowser.network.schemehandler import (SchemeHandler, from qutebrowser.network.schemehandler import (SchemeHandler,
SpecialNetworkReply) SpecialNetworkReply)
@ -57,7 +58,6 @@ def _get_html(title, snippet):
Return: Return:
HTML content as bytes. HTML content as bytes.
""" """
# FIXME we should html-escape the body
return _HTML_TEMPLATE.format(title=title, body=snippet).encode('UTF-8') return _HTML_TEMPLATE.format(title=title, body=snippet).encode('UTF-8')
@ -103,9 +103,11 @@ class QuteHandlers:
@classmethod @classmethod
def qute_pyeval(cls): def qute_pyeval(cls):
"""Handler for qute:pyeval. Return HTML content as bytes.""" """Handler for qute:pyeval. Return HTML content as bytes."""
return _get_html('pyeval', '<pre>{}</pre>'.format(pyeval_output)) text = cgi.escape(pyeval_output)
return _get_html('pyeval', '<pre>{}</pre>'.format(text))
@classmethod @classmethod
def qute_version(cls): def qute_version(cls):
"""Handler for qute:version. Return HTML content as bytes.""" """Handler for qute:version. Return HTML content as bytes."""
return _get_html('Version', '<pre>{}</pre>'.format(version())) text = cgi.escape(version())
return _get_html('Version', '<pre>{}</pre>'.format(text))
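Review bot: `cgi.escape`, used in `qute_pyeval` and `qute_version`, has been deprecated since Python 3.2 and was removed in 3.8, so `html.escape` is the durable choice: `import html` and `text = html.escape(pyeval_output)` (likewise for `version()`). `html.escape` also escapes quotes by default, which `cgi.escape` does not; inside `<pre>` element content that makes no difference, but it matters if the escaped text is ever placed in an attribute value. With the FIXME removed, `_get_html` still inserts `title` and `snippet` verbatim, so escaping is now an unwritten obligation on every caller. Its docstring should say so, e.g. `snippet: HTML markup, inserted unescaped; callers must escape any untrusted text.` The bodies of `_get_html` and `QuteHandlers` start outside the visible hunks.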