cgi.py: Escape quote signs in `htmlescape' and `html_quotify'.
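--- a/cgi.py
+++ b/cgi.py
@@ -59,7 +59,7 @@ CONF.DEFAULTS.update(
 ## Some handy regular expressions.
 R_URLESC = RX.compile('%([0-9a-fA-F]{2})')
 R_URLBAD = RX.compile('[^-\\w,.!]')
-R_HTMLBAD = RX.compile('[&<>]')
+R_HTMLBAD = RX.compile('[&<>\'"]')
 def urldecode(s):
 """Decode a single form-url-encoded string S."""
@@ -77,17 +77,18 @@ def htmlescape(s):
 ## Some standard character sequences, and HTML entity names for prettier
 ## versions.
-_quotify = U.StringSubst({
+html_quotify = U.StringSubst({
+ "<": '<',
+ ">": '>',
+ "&": '&',
 "`": '‘',
 "'": '’',
+ '"': '"',
 "``": '“',
 "''": '”',
 "--": '–',
 "---": '—'
 })
-def html_quotify(s):
- """Return a pretty HTML version of S."""
- return _quotify(htmlescape(s))
 ###--------------------------------------------------------------------------
 ### Output machinery.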
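Review bot: `html_quotify` no longer passes its input through `htmlescape`, so the set of markup-significant characters now lives in two places: the `R_HTMLBAD` class in the first hunk and the `<`, `>`, `&`, `'`, `"` keys of the `U.StringSubst` table in the second. The two agree in this commit, but a character later added to one and not the other would leave `html_quotify` emitting it unescaped. A comment above the table would pin that down, for example `## Keys must cover every character in R_HTMLBAD; this table replaces the htmlescape pass.` The single-pass form also presumably relies on `U.StringSubst` preferring the longest key and never rescanning its own output, since `&` is now a key; that helper is defined outside this diff and is worth confirming. The body of `htmlescape` lies between the two hunks and is not shown.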