From: W. Trevor King
Date: Wed, 17 Oct 2012 22:41:59 +0000 (-0400)
Subject: gallery.py: escape XML chars (<, &, and >) in caption paragraphs.
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=ecd241e142c5662af50ad98efa54f07ac2443218;p=blog.git
gallery.py: escape XML chars (<, &, and >) in caption paragraphs.
---
diff --git a/posts/gallery/gallery.py b/posts/gallery/gallery.py
index 806af0e..8c7da07 100755
--- a/posts/gallery/gallery.py
+++ b/posts/gallery/gallery.py
@@ -52,6 +52,7 @@ import os.path as _os_path
 import random as _random
 import re as _re
 import subprocess as _subprocess
+import xml.sax.saxutils as _xml_sax_saxutils
 __version__ = '0.5'
@@ -426,6 +427,7 @@ class CGIGalleryServer (object):
 else:
 content.append(img)
 if caption:
+ caption = _xml_sax_saxutils.escape(caption)
 content.append('

{}

'.format(caption)) return content
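Review bot: The added `_xml_sax_saxutils.escape(caption)` call in the second hunk escapes only `&`, `<` and `>`, which is enough for the paragraph body it feeds but not for attribute values, and nothing at the call says so. If the same caption, or the path behind `img`, is also written into an attribute elsewhere in this method, quote characters would pass through unescaped; that code is outside the hunk, so it should be confirmed there. I would add a comment above the call such as `# escape() handles &, <, > only; use quoteattr() for attribute values`. The method starts before the hunk, so where `caption` is read from is not visible here.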