diff options
| author | Matt Singleton <matt@xcolour.net> | 2022-01-16 13:57:17 -0600 |
|---|---|---|
| committer | Matt Singleton <matt@xcolour.net> | 2022-01-16 13:57:17 -0600 |
| commit | f02368a8f9218c7aa5b1f60730aeb30a7a4f790e (patch) | |
| tree | 56b95565ab1579dce1655e788a727eefc424da95 | |
| parent | 938505844c11d5a0880de9ca738dbbc775693183 (diff) | |
escape html reserved characters in text
| -rw-r--r-- | fsm.py | 15 |
1 files changed, 8 insertions, 7 deletions
@@ -1,3 +1,4 @@ +import html import sys import urllib.parse @@ -62,18 +63,18 @@ class Parser(object): self._output.write('<ul>\n') else: if line.startswith('# '): - self._output.write('<h1>{}</h1>\n'.format(line[2:])) + self._output.write('<h1>{}</h1>\n'.format(html.escape(line[2:]))) elif line.startswith('## '): - self._output.write('<h2>{}</h2>\n'.format(line[3:])) + self._output.write('<h2>{}</h2>\n'.format(html.escape(line[3:]))) elif line.startswith('### '): - self._output.write('<h3>{}</h3>\n'.format(line[4:])) + self._output.write('<h3>{}</h3>\n'.format(html.escape(line[4:]))) elif line.startswith('> '): - self._output.write('<blockquote>{}</blockquote>\n'.format(line[2:])) + self._output.write('<blockquote>{}</blockquote>\n'.format(html.escape(line[2:]))) elif line.strip() == '': if self._blanks > 1: self._output.write('<br/>\n') else: - self._output.write('<p>{}</p>\n'.format(line)) + self._output.write('<p>{}</p>\n'.format(html.escape(line))) self._offset += 1 def pre_state(self): @@ -89,7 +90,7 @@ class Parser(object): def list_state(self): line = self._document[self._offset] if line.startswith('* '): - self._output.write('<li>{}</li>\n'.format(line[2:])) + self._output.write('<li>{}</li>\n'.format(html.escape(line[2:]))) self._offset += 1 else: self._fsm.pop_state() @@ -108,7 +109,7 @@ class Parser(object): if len(parts) == 1: text = url else: - text = parts[1] + text = html.escape(parts[1]) self._output.write('<li class="link"><a href="{}">{}</a>{}</li>\n'.format(url, text, external)) self._offset += 1 else: |