[Sugar-devel] [PATCH] TurtleArt - escaping HTML entities while exporting to HTML #sl1854
Walter Bender
walter.bender at gmail.com
Sat Jul 3 07:14:37 EDT 2010
On Sat, Jul 3, 2010 at 3:14 AM, Tim McNamara
<paperless at timmcnamara.co.nz> wrote:
> This patch attempts to fix http://bugs.sugarlabs.org/ticket/1854. It assumes
> that the only place where <, >, & could enter the file in a troublesome
> manner is when the TurtleArt code is being imported into the content <div>.
> Author: Tim McNamara <paperless at timmcnamara.co.nz>
> Date: Sat Jul 3 19:00:34 2010 +1200
> HTML chars escaped in TA code <, >, &
>
> This commit utilises cgi.escape to escape troublesome HTML
> entities. The only place where this function is called is
> when the Turtleart code is being extracted and presented
> in a <div>. The SVG input is assumed to be clean - escaping
> those chars would result in the XML text being rendered
> rather than the image.
>
> diff --git a/taexporthtml.py b/taexporthtml.py
> index 5a0d163..47577f0 100644
> --- a/taexporthtml.py
> +++ b/taexporthtml.py
> @@ -24,6 +24,7 @@ import gtk
> import os.path
> from tautils import data_to_string, save_picture, image_to_base64
> from gettext import gettext as _
> +from cgi import escape
>
> def save_html(self, tw, embed_flag=True):
> """ Either: Save canvas and code or pictures to HTML """
> @@ -114,7 +115,7 @@ def save_html(self, tw, embed_flag=True):
> code += (self.html_glue['img'][0] + imgdata + \
> self.html_glue['img'][1])
> code += self.html_glue['div'][0]
> - code += data_to_string(tw.assemble_data_to_save(False, True))
> + code += escape(data_to_string(tw.assemble_data_to_save(False,
> True)))
> code += self.html_glue['div'][1]
>
> if tw.running_sugar:
> _______________________________________________
> Sugar-devel mailing list
> Sugar-devel at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/sugar-devel
>
>
Thanks Tim.
I'll include this patch in the next release of TA.
-walter
--
Walter Bender
Sugar Labs
http://www.sugarlabs.org
More information about the Sugar-devel
mailing list