[Sugar-devel] [PATCH] TurtleArt - escaping HTML entities while exporting to HTML #sl1854

2010-07-03 Thread Tim McNamara
This patch attempts to fix http://bugs.sugarlabs.org/ticket/1854. It assumes
that the only place where , ,  could enter the file in a troublesome
manner is when the TurtleArt code is being imported into the content div.

Author: Tim McNamara paperl...@timmcnamara.co.nz
Date:   Sat Jul 3 19:00:34 2010 +1200

HTML chars escaped in TA code , , 

This commit utilises cgi.escape to escape troublesome HTML
entities. The only place where this function is called is
when the TurtleArt code is being extracted and presented
in a div. The SVG input is assumed to be clean - escaping
those chars would result in the XML text being rendered
rather than the image.


diff --git a/taexporthtml.py b/taexporthtml.py
index 5a0d163..47577f0 100644
--- a/taexporthtml.py
+++ b/taexporthtml.py
@@ -24,6 +24,7 @@ import gtk
 import os.path
 from tautils import data_to_string, save_picture, image_to_base64
 from gettext import gettext as _
+from cgi import escape

 def save_html(self, tw, embed_flag=True):
  Either: Save canvas and code or pictures to HTML 
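Review bot: the added import, from cgi import escape, binds the bare and very generic name escape at module level next to data_to_string and image_to_base64, so the call site in the second hunk does not say which kind of escaping is applied. Prefer import cgi here and cgi.escape(...) at the use site.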
@@ -114,7 +115,7 @@ def save_html(self, tw, embed_flag=True):
 code += (self.html_glue['img'][0] + imgdata + \
  self.html_glue['img'][1])
 code += self.html_glue['div'][0]
-code += data_to_string(tw.assemble_data_to_save(False, True))
+code += escape(data_to_string(tw.assemble_data_to_save(False,
True)))
 code += self.html_glue['div'][1]

 if tw.running_sugar:
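Review bot: on the added code += escape(...) line, escape() is called with its default arguments, which leave double quotes untouched. That is sufficient only while the string is emitted as element content between html_glue['div'][0] and html_glue['div'][1], so please add a one-line comment saying so, to stop the call being copied for an attribute value later. The imgdata concatenated into html_glue['img'] just above stays unescaped; the commit message's assumption that the SVG is clean belongs in a code comment there as well.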
___
Sugar-devel mailing list
Sugar-devel@lists.sugarlabs.org
http://lists.sugarlabs.org/listinfo/sugar-devel
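
The escaping described in the commit message above, as an added example that is not part of the patch or of TurtleArt. It uses html.escape, the Python 3 replacement for cgi.escape; HTML_GLUE, export_div() and audit() are hypothetical names, and the project data and SVG strings are constructed samples.

```python
# Added example, not TurtleArt code. HTML_GLUE and export_div() are
# hypothetical stand-ins for html_glue and save_html() in the patch.
from html import escape            # Python 3 replacement for cgi.escape
from html.parser import HTMLParser

HTML_GLUE = {"div": ('<div class="code">', "</div>")}  # assumed markup

def export_div(project_data, escaped=True):
    """Wrap serialized project data in the code div."""
    # quote=False mirrors cgi.escape's default: only &, < and > change,
    # which is sufficient for element content (not for attribute values).
    body = escape(project_data, quote=False) if escaped else project_data
    return HTML_GLUE["div"][0] + body + HTML_GLUE["div"][1]

class _Audit(HTMLParser):
    """Collect the start tags and text an HTML parser sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
    def handle_data(self, data):
        self.text.append(data)

def audit(markup):
    """Return (start tags, concatenated text) for an exported fragment."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, "".join(parser.text)

# Constructed samples: project data with HTML metacharacters, and an SVG.
SAMPLE = '[[0, "string", "if x < 3 & y > 1: <b>bold</b>"]]'
SVG = '<svg width="10" height="10"><rect width="10" height="10"/></svg>'

if __name__ == "__main__":
    for flag in (False, True):
        tags, text = audit(export_div(SAMPLE, escaped=flag))
        print("escaped=%-5s tags=%s intact=%s" % (flag, tags, text == SAMPLE))
    # Escaping the SVG turns the image into visible source text.
    print("svg raw:", audit(SVG)[0], "svg escaped:", audit(escape(SVG))[0])
```

Without escaping, the parser sees an extra element inside the div and the displayed text no longer matches the project data; with escaping, the div holds exactly the original string.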


Re: [Sugar-devel] [PATCH] TurtleArt - escaping HTML entities while exporting to HTML #sl1854

2010-07-03 Thread Sascha Silbe
Excerpts from Tim McNamara's message of Sat Jul 03 07:14:01 + 2010:

[taexporthtml.py]
 +from cgi import escape
[...]
 -code += data_to_string(tw.assemble_data_to_save(False, True))
 +code += escape(data_to_string(tw.assemble_data_to_save(False,
 True)))
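
Review bot: the added line is wrapped after "False," and its continuation "True)))" carries no "+" marker, so the hunk as posted will not apply cleanly. Resend it with git send-email or as an attachment so the mailer does not re-wrap the line.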

I don't grok the current code 100%, but your change appears to be
correct and complete.

Reviewed-By: Sascha Silbe sascha-ml-reply-to-201...@silbe.org

Sascha

--
http://sascha.silbe.org/
http://www.infra-silbe.de/




Re: [Sugar-devel] [PATCH] TurtleArt - escaping HTML entities while exporting to HTML #sl1854

2010-07-03 Thread Walter Bender
On Sat, Jul 3, 2010 at 3:14 AM, Tim McNamara
paperl...@timmcnamara.co.nz wrote:
 This patch attempts to fix http://bugs.sugarlabs.org/ticket/1854. It assumes
 that the only place where , ,  could enter the file in a troublesome
 manner is when the TurtleArt code is being imported into the content div.
 Author: Tim McNamara paperl...@timmcnamara.co.nz
 Date:   Sat Jul 3 19:00:34 2010 +1200
     HTML chars escaped in TA code , , 

     This commit utilises cgi.escape to escape troublesome HTML
     entities. The only place where this function is called is
     when the TurtleArt code is being extracted and presented
     in a div. The SVG input is assumed to be clean - escaping
     those chars would result in the XML text being rendered
     rather than the image.

 diff --git a/taexporthtml.py b/taexporthtml.py
 index 5a0d163..47577f0 100644
 --- a/taexporthtml.py
 +++ b/taexporthtml.py
 @@ -24,6 +24,7 @@ import gtk
  import os.path
  from tautils import data_to_string, save_picture, image_to_base64
  from gettext import gettext as _
 +from cgi import escape

  def save_html(self, tw, embed_flag=True):
       Either: Save canvas and code or pictures to HTML 
 @@ -114,7 +115,7 @@ def save_html(self, tw, embed_flag=True):
          code += (self.html_glue['img'][0] + imgdata + \
                   self.html_glue['img'][1])
          code += self.html_glue['div'][0]
 -        code += data_to_string(tw.assemble_data_to_save(False, True))
 +        code += escape(data_to_string(tw.assemble_data_to_save(False,
 True)))
          code += self.html_glue['div'][1]

      if tw.running_sugar:
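
Review bot: the replacement line nests three calls, escape(data_to_string(tw.assemble_data_to_save(False, True))), and is long enough that it has been folded onto a second line. Splitting it into two statements, one assigning the data_to_string(...) result to a local name and one doing code += escape(...) on that name, keeps each line short and makes the escaping step easy to spot.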



Thanks Tim.

I'll include this patch in the next release of TA.

-walter

-- 
Walter Bender
Sugar Labs
http://www.sugarlabs.org