Hello!
In my web2py app I’m processing a list of items, where the user can click
on a link for each item to select this. An item has an UUID, a title and a
description. For a better orientation the item description is also
displayed as link title. To prevent injections by and to escape tags in the
description I’m using the XML sanitizer as follows:
A(this_item.title, \
callback = URL('item', 'select', \
vars=dict(uuid=this_item.uuid), user_signature=True), \
_title=XML(str_replace(this_item.description, {'\r\n':' ',
'<':'<', '>':'>'}), sanitize=True))
Using Python 2.7 everything was fine. Since I have switched to Python 3.6 I
have the following problem. When the description contains line breaks the
sanitizer is not working anymore. For example the following string produces
by my str_replace routine is fine to be sanitized by the XML helper under
Python 2.7 but not under Python 3.6:
Header Line1 Line2 Line3
>
Sanitizing line breaks escaped by is the problem with Python 3 (but
not with Python 2). Everything else is no problem for the XML helper to
sanitize (e.g. less than or greater than, I need these, since if there is
no description it is generated as <no description>).
How can be line breaks sanitized by the XML helper running web2py under
Python3?
Thanks for any support!
Best regards Clemens
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/web2py/319d22e0-d1be-452c-8c25-d1ec76df1a5e%40googlegroups.com.
