
Properly translate HTML entities in user inputs when rendering

author Leandro Lucarella
2008-08-06 20:24:56 UTC
committer Alberto Bertogli
2008-08-08 22:53:20 UTC
parent f6698d8747bf7f697b54834e5a9272f497354f20

Properly translate HTML entities in user inputs when rendering

blitiri.cgi +10 -4

diff --git a/blitiri.cgi b/blitiri.cgi
index 75e1a0c..4552ed1 100755
--- a/blitiri.cgi
+++ b/blitiri.cgi
@@ -202,7 +202,7 @@ div.section h1 {
 
 """
 
-# helper function
+# helper functions
 def rst_to_html(rst):
 	settings = {
 		'input_encoding': encoding,
@@ -212,6 +212,12 @@ def rst_to_html(rst):
 				writer_name = "html")
 	return parts['body'].encode('utf8')
 
+def sanitize(obj):
+	if isinstance(obj, basestring):
+		return cgi.escape(obj, True)
+	return obj
+
+
 # find out our URL, needed for syndication
 try:
 	n = os.environ['SERVER_NAME']
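Review bot: `cgi.escape(obj, True)` in the new `sanitize` escapes `&`, `<`, `>` and `"` but leaves the single quote alone, so a value interpolated into a single-quoted attribute in the page template can still break out of it; unless every attribute in the template is double-quoted, the return should be `return cgi.escape(obj, True).replace("'", '&#39;')`. The name also overstates what the helper does — it HTML-escapes rather than filters, and non-`basestring` values are passed back verbatim — so a docstring such as `"""HTML-escape str/unicode values for insertion into templates; other types are returned unchanged."""` would keep callers from relying on it for anything more. The `basestring` check means this is Python 2 code; fine for the file as written, but worth noting if it is ever ported.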
@@ -358,8 +364,8 @@ class Article (object):
 
 	def to_vars(self):
 		return {
-			'arttitle': self.title,
-			'author': self.author,
+			'arttitle': sanitize(self.title),
+			'author': sanitize(self.author),
 			'date': self.created.isoformat(' '),
 			'uuid': self.uuid,
 			'tags': self.get_tags_links(),
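Review bot: `'uuid': self.uuid` is still emitted unescaped while the neighbouring `arttitle` and `author` now go through `sanitize`; if the uuid is read from the same article source as those fields it can carry markup and should be `'uuid': sanitize(self.uuid),` as well — I cannot see where `self.uuid` is set from this hunk, so please confirm. `date` is the output of `isoformat` and so needs no escaping. The `to_vars` dictionary continues past the end of the hunk, so any further user-controlled entries there deserve the same treatment.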
@@ -389,7 +395,7 @@ class Article (object):
 		tags.sort()
 		for t in tags:
 			l.append('<a class="tag" href="%s/tag/%s">%s</a>' % \
-				(blog_url, urllib.quote(t), t) )
+				(blog_url, urllib.quote(t), sanitize(t) ))
 		return ', '.join(l)
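Review bot: The tag text is now escaped, but `blog_url` is still interpolated raw into the double-quoted `href`; it is derived from `os.environ['SERVER_NAME']` a few lines above, and if that value can ever carry `"` or `&` (some servers take it from the client `Host` header) it should also pass through `sanitize(blog_url)` at this point. Separately, `urllib.quote(t)` keeps `/` unescaped by default, so a tag containing a slash yields an extra path segment in the link; `urllib.quote(t, safe='')` would encode it. The enclosing `get_tags_links` method starts outside the hunk.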