allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From john...@apache.org
Subject [42/50] git commit: [#2835] use escape instead of Markup() on solr search responses
Date Wed, 24 Apr 2013 22:31:07 GMT
[#2835] use escape instead of Markup() on solr search responses


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/62912a96
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/62912a96
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/62912a96

Branch: refs/heads/cj/5655
Commit: 62912a96ea805872dc60c67bb2e19f4f811ecaf0
Parents: bb9a502
Author: Dave Brondsema <dbrondsema@slashdotmedia.com>
Authored: Wed Apr 17 19:57:29 2013 +0000
Committer: Dave Brondsema <dbrondsema@slashdotmedia.com>
Committed: Wed Apr 24 16:34:43 2013 +0000

----------------------------------------------------------------------
 Allura/allura/lib/search.py |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/62912a96/Allura/allura/lib/search.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/search.py b/Allura/allura/lib/search.py
index 309845f..203e37a 100644
--- a/Allura/allura/lib/search.py
+++ b/Allura/allura/lib/search.py
@@ -164,11 +164,11 @@ def search_app(q='', fq=None, app=True, **kw):
                 title = h.get_first(m, 'title')
                 text = h.get_first(m, 'text')
                 if title:
-                    title = (jinja2.Markup(title)
+                    title = (jinja2.escape(title)
                                    .replace('#ALLURA-HIGHLIGHT-START#', jinja2.Markup('<strong>'))
                                    .replace('#ALLURA-HIGHLIGHT-END#', jinja2.Markup('</strong>')))
                 if text:
-                    text = (jinja2.Markup(text)
+                    text = (jinja2.escape(text)
                                   .replace('#ALLURA-HIGHLIGHT-START#', jinja2.Markup('<strong>'))
                                   .replace('#ALLURA-HIGHLIGHT-END#', jinja2.Markup('</strong>')))
                 doc['title_match'] = title


Mime
View raw message