[Sugar-devel] [PATCH] TurtleArt - escaping HTML entities while exporting to HTML #sl1854

Walter Bender walter.bender at gmail.com
Sat Jul 3 07:14:37 EDT 2010

Previous message: [Sugar-devel] [PATCH] TurtleArt - escaping HTML entities while exporting to HTML #sl1854
Next message: [Sugar-devel] Setting Palette delay timing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jul 3, 2010 at 3:14 AM, Tim McNamara
<paperless at timmcnamara.co.nz> wrote:
> This patch attempts to fix http://bugs.sugarlabs.org/ticket/1854. It assumes
> that the only place where <, >, & could enter the file in a troublesome
> manner is when the TurtleArt code is being imported into the content <div>.
> Author: Tim McNamara <paperless at timmcnamara.co.nz>
> Date:   Sat Jul 3 19:00:34 2010 +1200
>     HTML chars escaped in TA code <, >, &
>
>     This commit utilises cgi.escape to escape troublesome HTML
>     entities. The only place where this function is called is
>     when the Turtleart code is being extracted and presented
>     in a <div>. The SVG input is assumed to be clean - escaping
>     those chars would result in the XML text being rendered
>     rather than the image.
>
> diff --git a/taexporthtml.py b/taexporthtml.py
> index 5a0d163..47577f0 100644
> --- a/taexporthtml.py
> +++ b/taexporthtml.py
> @@ -24,6 +24,7 @@ import gtk
>  import os.path
>  from tautils import data_to_string, save_picture, image_to_base64
>  from gettext import gettext as _
> +from cgi import escape
>
>  def save_html(self, tw, embed_flag=True):
>      """ Either: Save canvas and code or pictures to HTML """
> @@ -114,7 +115,7 @@ def save_html(self, tw, embed_flag=True):
>          code += (self.html_glue['img'][0] + imgdata + \
>                   self.html_glue['img'][1])
>          code += self.html_glue['div'][0]
> -        code += data_to_string(tw.assemble_data_to_save(False, True))
> +        code += escape(data_to_string(tw.assemble_data_to_save(False,
> True)))
>          code += self.html_glue['div'][1]
>
>      if tw.running_sugar:
> _______________________________________________
> Sugar-devel mailing list
> Sugar-devel at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/sugar-devel
>
>

Thanks Tim.

I'll include this patch in the next release of TA.

-walter

-- 
Walter Bender
Sugar Labs
http://www.sugarlabs.org

Previous message: [Sugar-devel] [PATCH] TurtleArt - escaping HTML entities while exporting to HTML #sl1854
Next message: [Sugar-devel] Setting Palette delay timing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Sugar-devel mailing list