gallery.py: escape XML chars (<, &, and >) in caption paragraphs.
authorW. Trevor King <wking@tremily.us>
Wed, 17 Oct 2012 22:41:59 +0000 (18:41 -0400)
committerW. Trevor King <wking@tremily.us>
Wed, 17 Oct 2012 22:43:27 +0000 (18:43 -0400)
posts/gallery/gallery.py

index 806af0eb05249533a04882b5252b3f539081714a..8c7da07df942d9460b60174e39752ff06879c0a0 100755 (executable)
@@ -52,6 +52,7 @@ import os.path as _os_path
 import random as _random
 import re as _re
 import subprocess as _subprocess
+import xml.sax.saxutils as _xml_sax_saxutils
 
 
 __version__ = '0.5'
@@ -426,6 +427,7 @@ class CGIGalleryServer (object):
         else:
             content.append(img)
         if caption:
+            caption = _xml_sax_saxutils.escape(caption)
             content.append('<p>{}</p>'.format(caption))
         return content
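Review bot: The new `caption = _xml_sax_saxutils.escape(caption)` line covers only `&`, `<` and `>`, which is enough for the `<p>{}</p>` element content on the next line but not for attribute context, since `saxutils.escape` leaves `"` and `'` untouched unless called with `entities={'"': '&quot;', "'": '&#39;'}`. If the same caption string (or the value `img` is built from, just above the hunk) is also placed in an `alt=` or `title=` attribute elsewhere in this method, the escaping should happen once at the source and include quotes; that cannot be confirmed from the hunk. A short comment would make the contract explicit, e.g. `# caption is untrusted text; escaped for element content only (quotes left as-is)`. The enclosing method begins outside the hunk.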