incubator-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From br...@apache.org
Subject svn commit: r1437858 - /incubator/public/trunk/incuvoter/votestatus.py
Date Thu, 24 Jan 2013 04:30:36 GMT
Author: brane
Date: Thu Jan 24 04:30:36 2013
New Revision: 1437858

URL: http://svn.apache.org/viewvc?rev=1437858&view=rev
Log:
Votestatus: HTML-escape strings interpolated into the page template.

Modified:
    incubator/public/trunk/incuvoter/votestatus.py

Modified: incubator/public/trunk/incuvoter/votestatus.py
URL: http://svn.apache.org/viewvc/incubator/public/trunk/incuvoter/votestatus.py?rev=1437858&r1=1437857&r2=1437858&view=diff
==============================================================================
--- incubator/public/trunk/incuvoter/votestatus.py (original)
+++ incubator/public/trunk/incuvoter/votestatus.py Thu Jan 24 04:30:36 2013
@@ -28,6 +28,7 @@ Status: Pre-Alpha, under construction.
 from __future__ import absolute_import
 
 import os, sys
+import cgi
 import datetime
 
 sys.path.insert(0, os.path.dirname(__file__))
@@ -120,10 +121,6 @@ __closed_row = """\
     </tr>"""
 
 
-def __htmlescape(text):
-    #FIXME: TODO:
-    return text
-
 def refresh_page(target, database):
     current = []
     for vote in database.list_open_votes():
@@ -142,9 +139,9 @@ def refresh_page(target, database):
                 klass = 'nag'
         current.append(__current_row
                        % dict(klass = klass,
-                              subject = __htmlescape(vote.subject),
-                              updated = __htmlescape(vote.timefmt(updated)),
-                              noticed = __htmlescape(vote.timefmt(noticed))))
+                              subject = cgi.escape(vote.subject),
+                              updated = cgi.escape(vote.timefmt(updated)),
+                              noticed = cgi.escape(vote.timefmt(noticed))))
     if current:
         current = __current_table % '\n'.join(current)
     else:
@@ -161,9 +158,9 @@ def refresh_page(target, database):
             klass = 'normal'
         resolved.append(__closed_row
                         % dict(klass = klass,
-                               subject = __htmlescape(vote.subject),
-                               noticed = __htmlescape(vote.timefmt(noticed)),
-                               closed = __htmlescape(vote.timefmt(closed))))
+                               subject = cgi.escape(vote.subject),
+                               noticed = cgi.escape(vote.timefmt(noticed)),
+                               closed = cgi.escape(vote.timefmt(closed))))
     if resolved:
         resolved = __closed_table % '\n'.join(resolved)
     else:



---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@incubator.apache.org
For additional commands, e-mail: cvs-help@incubator.apache.org


Mime
View raw message