Return-Path: <wking@tremily.us>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
    by olra.theworths.org (Postfix) with ESMTP id B4067431FDC
    for <notmuch@notmuchmail.org>; Thu, 13 Feb 2014 08:51:06 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References"
X-Spam-Status: No, score=0 tagged_above=-999 required=5
    tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001]
Received: from olra.theworths.org ([127.0.0.1])
    by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id g6aYuky8fGis for <notmuch@notmuchmail.org>;
    Thu, 13 Feb 2014 08:50:59 -0800 (PST)
Received: from QMTA11.westchester.pa.mail.comcast.net
    (qmta11.westchester.pa.mail.comcast.net [76.96.59.211])
    by olra.theworths.org (Postfix) with ESMTP id 525E1431FC2
    for <notmuch@notmuchmail.org>; Thu, 13 Feb 2014 08:50:47 -0800 (PST)
Received: from omta20.westchester.pa.mail.comcast.net ([76.96.62.71])
    by QMTA11.westchester.pa.mail.comcast.net with comcast
    id Rpnj1n0061YDfWL5Bsqnh7; Thu, 13 Feb 2014 16:50:47 +0000
Received: from odin.tremily.us ([24.18.63.50])
    by omta20.westchester.pa.mail.comcast.net with comcast
    id Rsom1n002152l3L3gsomUZ; Thu, 13 Feb 2014 16:48:47 +0000
Received: from mjolnir.tremily.us (unknown [192.168.0.140])
    by odin.tremily.us (Postfix) with ESMTPS id A2FDF102DA08;
    Thu, 13 Feb 2014 08:48:45 -0800 (PST)
Received: (nullmailer pid 17991 invoked by uid 1000);
    Thu, 13 Feb 2014 16:47:29 -0000
From: "W. Trevor King" <wking@tremily.us>
To: notmuch@notmuchmail.org
Subject: [PATCH v3 5/8] nmbug-status: Escape &, <, and > in HTML display data
Date: Thu, 13 Feb 2014 08:47:20 -0800
    <d0061c00aee8405ca66118025f034fc6f9b0281b.1392309570.git.wking@tremily.us>
X-Mailer: git-send-email 1.8.5.2.8.g0f6c0d1
In-Reply-To: <cover.1392309570.git.wking@tremily.us>
References: <cover.1392309570.git.wking@tremily.us>
In-Reply-To: <cover.1392309570.git.wking@tremily.us>
References: <cover.1392309570.git.wking@tremily.us>
Cc: Tomi Ollila <tomi.ollila@iki.fi>
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
List-Id: "Use and development of the notmuch mail system."
    <notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
    <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
    <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2014 16:51:07 -0000

'message-id' and 'from' now have sensitive characters escaped using
xml.sax.saxutils.escape [1]. The 'subject' data was already being
converted to a link into Gmane; I've escape()d that too, so it doesn't
need to be handled in the same block as 'message-id' and 'from'.

This prevents broken HTML if subjects etc. contain characters that
would otherwise be interpreted as HTML markup.

[1]: http://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.escape

81 devel/nmbug/nmbug-status | 6 +++++-
\r
82 1 file changed, 5 insertions(+), 1 deletion(-)
\r
84 diff --git a/devel/nmbug/nmbug-status b/devel/nmbug/nmbug-status
\r
85 index 92552a4..57eec6c 100755
\r
86 --- a/devel/nmbug/nmbug-status
\r
87 +++ b/devel/nmbug/nmbug-status
\r
88 @@ -24,6 +24,7 @@ import os
\r
92 +import xml.sax.saxutils
\r
95 _ENCODING = locale.getpreferredencoding() or sys.getdefaultencoding()
\r
96 @@ -229,11 +230,14 @@ class HtmlPage (Page):
\r
97 if 'subject' in display_data and 'message-id' in display_data:
\r
99 'message-id': quote(display_data['message-id']),
\r
100 - 'subject': display_data['subject'],
\r
101 + 'subject': xml.sax.saxutils.escape(display_data['subject']),
\r
103 display_data['subject'] = (
\r
104 '<a href="http://mid.gmane.org/{message-id}">{subject}</a>'
\r
106 + for key in ['message-id', 'from']:
\r
107 + if key in display_data:
\r
108 + display_data[key] = xml.sax.saxutils.escape(display_data[key])
\r
109 return (running_data, display_data)
\r
111 def _slug(self, string):
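Review bot: In the HtmlPage hunk, 'subject' is escaped only inside the `if 'subject' in display_data and 'message-id' in display_data:` branch, and the new loop covers just `['message-id', 'from']`, so a message that has a subject but no message-id still reaches the page with its subject unescaped. Escaping the subject unconditionally before that branch, and reusing the escaped value when building the link, would close the gap. It is also worth a code comment that xml.sax.saxutils.escape rewrites only &, < and > by default, so the escaped values are safe as element content but not inside a quoted attribute; keeping the href on quote() is the right choice. Because the key list is hard-coded, any other display_data field that is rendered into the HTML page will need to be added here.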
\r