Commit 0c18ae2c authored by Tomas Hlavacek's avatar Tomas Hlavacek

Add escaping of "<something>" in TextCommand out

Escap strings that might be misinterptered as HTML tags in the output of TextCommand when default decorator (= <pre>%s</pre>) is used.
parent d811a88d
...@@ -328,9 +328,11 @@ class TextCommand(object): ...@@ -328,9 +328,11 @@ class TextCommand(object):
r='' r=''
for sl in s[session.getRange():session.getRange()+defaults.range_step+1]: for sl in s[session.getRange():session.getRange()+defaults.range_step+1]:
r += sl + "\n" r += sl + "\n"
r = r.replace('<','&lt;').replace('>','&gt;')
return ("<pre>\n%s\n</pre>" % r, len(s)) return ("<pre>\n%s\n</pre>" % r, len(s))
else: else:
return ("<pre>\n%s\n</pre>" % session.getResult(), len(str.splitlines(session.getResult()))) return ("<pre>\n%s\n</pre>" % session.getResult().replace('<','&lt;').replace('>','&gt;'),
len(str.splitlines(session.getResult())))
def getSpecialContent(self,session,**params): def getSpecialContent(self,session,**params):
raise Exception("getSpecialContet() is not implemented in ulgmodel.TextCommand.") raise Exception("getSpecialContet() is not implemented in ulgmodel.TextCommand.")
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment