[Sugar-devel] [PATCH] TurtleArt - escaping HTML entities while exporting to HTML #sl1854
Tim McNamara
paperless at timmcnamara.co.nz
Sat Jul 3 03:14:01 EDT 2010
This patch attempts to fix http://bugs.sugarlabs.org/ticket/1854. It assumes
that the only place where <, >, & could enter the file in a troublesome
manner is when the TurtleArt code is being imported into the content <div>.
Author: Tim McNamara <paperless at timmcnamara.co.nz>
Date: Sat Jul 3 19:00:34 2010 +1200
HTML chars escaped in TA code <, >, &
This commit utilises cgi.escape to escape troublesome HTML
entities. The only place where this function is called is
when the Turtleart code is being extracted and presented
in a <div>. The SVG input is assumed to be clean - escaping
those chars would result in the XML text being rendered
rather than the image.
diff --git a/taexporthtml.py b/taexporthtml.py
index 5a0d163..47577f0 100644
--- a/taexporthtml.py
+++ b/taexporthtml.py
@@ -24,6 +24,7 @@ import gtk
import os.path
from tautils import data_to_string, save_picture, image_to_base64
from gettext import gettext as _
+from cgi import escape
def save_html(self, tw, embed_flag=True):
""" Either: Save canvas and code or pictures to HTML """
@@ -114,7 +115,7 @@ def save_html(self, tw, embed_flag=True):
code += (self.html_glue['img'][0] + imgdata + \
self.html_glue['img'][1])
code += self.html_glue['div'][0]
- code += data_to_string(tw.assemble_data_to_save(False, True))
+ code += escape(data_to_string(tw.assemble_data_to_save(False,
True)))
code += self.html_glue['div'][1]
if tw.running_sugar:
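Review bot: The added `escape(...)` call is split across two lines and the continuation `True)))` carries no `+` prefix, so the patch as mailed looks line-wrapped and will not apply cleanly; please resend it unwrapped (for example with git send-email or as an attachment). On the substance, `cgi.escape` with its default arguments escapes `&`, `<` and `>` but not double quotes, which is adequate here only because the result is placed between `self.html_glue['div'][0]` and `self.html_glue['div'][1]` as element content. A short code comment saying so, and saying that `imgdata` at the top of this hunk is deliberately left unescaped, would keep the assumption from the commit message visible in the code.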