(Arne Babenhauserheide)
2012-10-30: htmlescape the bug listing. write-bug-details-1d631d51ff06b3bdca50e21da3d6a00bcb801c85 htmlescape the bug listing.
diff --git a/staticsite.py b/staticsite.py
--- a/staticsite.py
+++ b/staticsite.py
@@ -551,6 +551,19 @@ def writecommits(ui, repo, target, name,
cf.write("<pre>"+ui.popbuffer().replace("<", "<")+"</pre>")
cf.write(templates["foot"].replace("{reponame}", "<a href='../'>"+name+"</a>"))
+#: html escape codes thanks to http://wiki.python.org/moin/EscapingHtml
+htmlescapetable = {
+ "&": "&",
+ '"': """,
+ "'": "'",
+ ">": ">",
+ "<": "<",
+ }
+
+def htmlescape(text):
+ """Produce entities within text."""
+ return "".join(htmlescapetable.get(c,c) for c in text)
+
def writebugs(ui, repo, target, name):
"""Write bug information, a listing and the details for each bug."""
bugdir = os.path.join(target, "bugs")
@@ -565,11 +578,11 @@ def writebugs(ui, repo, target, name):
bugslist = os.path.join(bugdir, "index.html")
content = "<h2>Open Bugs</h2>\n<ul>"
for bug in openbugs:
- content += "<li><a href=\"" + bug.fullid + ".html\">" + bug.shortid + "</a> - " + bug.description + "</li>\n"
+ content += "<li><a href=\"" + bug.fullid + ".html\">" + bug.shortid + "</a> - " + htmlescape(bug.description) + "</li>\n"
content += "</ul>\n"
content += "<h2>Resolved Bugs</h2>\n<ul>"
for bug in resolvedbugs:
- content += "<li><a href=\"" + bug.fullid + ".html\">" + bug.shortid + "</a> - " + bug.description + "</li>\n"
+ content += "<li><a href=\"" + bug.fullid + ".html\">" + bug.shortid + "</a> - " + htmlescape(bug.description) + "</li>\n"
content += "</ul>\n"
with open(bugslist, "w") as f:
f.write(templates["head"].replace("{reponame}", "<a href='../'>"+name+"</a>").replace("{title}", name))