<div><div>This patch attempts to fix <a href="http://bugs.sugarlabs.org/ticket/1854">http://bugs.sugarlabs.org/ticket/1854</a>. It assumes that the only place where &lt;, &gt;, &amp; could enter the file in a troublesome manner is when the TurtleArt code is being imported into the content &lt;div&gt;. </div>
<div><br></div><div>Author: Tim McNamara &lt;<a href="mailto:paperless@timmcnamara.co.nz">paperless@timmcnamara.co.nz</a>&gt;</div><div>Date: Sat Jul 3 19:00:34 2010 +1200</div><div><br></div><div> HTML chars escaped in TA code &lt;, &gt;, &amp;</div>
<div> </div><div> This commit utilises cgi.escape to escape troublesome HTML</div><div> entities. The only place where this function is called is</div><div> when the Turtleart code is being extracted and presented</div>
<div> in a &lt;div&gt;. The SVG input is assumed to be clean - escaping</div><div> those chars would result in the XML text being rendered</div><div> rather than the image.</div></div><div><br></div><div><br></div>
<div><font class="Apple-style-span" face="'courier new', monospace">diff --git a/taexporthtml.py b/taexporthtml.py</font></div><div><font class="Apple-style-span" face="'courier new', monospace">index 5a0d163..47577f0 100644</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace">--- a/taexporthtml.py</font></div><div><font class="Apple-style-span" face="'courier new', monospace">+++ b/taexporthtml.py</font></div><div>
<font class="Apple-style-span" face="'courier new', monospace">@@ -24,6 +24,7 @@ import gtk</font></div><div><font class="Apple-style-span" face="'courier new', monospace"> import os.path</font></div><div>
<font class="Apple-style-span" face="'courier new', monospace"> from tautils import data_to_string, save_picture, image_to_base64</font></div><div><font class="Apple-style-span" face="'courier new', monospace"> from gettext import gettext as _</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace">+from cgi import escape</font></div><div><font class="Apple-style-span" face="'courier new', monospace"> </font></div><div><font class="Apple-style-span" face="'courier new', monospace"> def save_html(self, tw, embed_flag=True):</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"> """ Either: Save canvas and code or pictures to HTML """</font></div><div><font class="Apple-style-span" face="'courier new', monospace">@@ -114,7 +115,7 @@ def save_html(self, tw, embed_flag=True):</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"> code += (self.html_glue['img'][0] + imgdata + \</font></div><div><font class="Apple-style-span" face="'courier new', monospace"> self.html_glue['img'][1])</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"> code += self.html_glue['div'][0]</font></div><div><font class="Apple-style-span" face="'courier new', monospace">- code += data_to_string(tw.assemble_data_to_save(False, True))</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace">+ code += escape(data_to_string(tw.assemble_data_to_save(False, True)))</font></div><div><font class="Apple-style-span" face="'courier new', monospace"> code += self.html_glue['div'][1]</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"> </font></div><div><font class="Apple-style-span" face="'courier new', monospace"> if tw.running_sugar:</font></div>
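Review bot: in the first hunk (@@ -24,6 +24,7 @@), "from cgi import escape" binds the bare name escape in taexporthtml.py, so the call site in save_html does not say which kind of escaping is being applied. Suggest "import cgi" with cgi.escape(...) at the call, and placing the import beside "import os.path" with the other standard-library imports rather than after the gettext line.<br>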
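Review bot: in the second hunk (@@ -114,7 +115,7 @@), only the string placed between html_glue['div'][0] and html_glue['div'][1] is escaped; imgdata in the context lines just above is still concatenated into html_glue['img'] unescaped, and the only record of the "SVG input is assumed to be clean" assumption is the commit message. Suggest a code comment at the imgdata line stating that assumption so it is visible to whoever next changes the image path. Also, escape() is called here with its default arguments, which convert &amp;, &lt; and &gt; but leave double quotes alone; that is sufficient for element content inside the div, and a short comment saying so would stop the call being copied into an attribute context where it is not.<br>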