
Correctly escape values passed to dot's html

Parent commits : 33f88c1655cbae913a34a2ee41c3a2de51a889c7,
Children commits : b3ecfa9cb9f1773ae739853fe76b9359e5b0b83e,

By Laurent Defert on 2015-01-24 12:34:33
Correctly escape values passed to dot's html

Difference with parent commit 33f88c1655cbae913a34a2ee41c3a2de51a889c7
Files modified:
gv.py
--- 
+++ 
@@ -1,3 +1,5 @@
+import cgi
+
 from output_file import OutputFile
 
 GV_HEADER = """
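Review bot: `import cgi` ties the escaping to older interpreters, because `cgi.escape` was deprecated in Python 3.2 and removed in 3.8, where `html.escape` replaces it. The `super(GV, self)` call in the next hunk suggests Python 2 is the target, so this may be acceptable for now. An import that tries `from html import escape` and falls back to `from cgi import escape` would keep `_escape` working on both. Note that `html.escape` escapes quotes by default while `cgi.escape` does not, which only matters if an escaped value is ever placed inside an attribute rather than in cell text.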
@@ -18,6 +20,11 @@
         super(GV, self).__init__(filename)
         self.tables = []
         self.minimap = minimap
+
+    def _escape(self, s):
+        # Make the string one line
+        s = str(s or '\n').splitlines()[0]
+        return cgi.escape(s)
 
     def add_header(self):
         self.write(GV_HEADER)
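Review bot: `_escape` raises IndexError when `s` is truthy but `str(s)` is empty, because `''.splitlines()` returns an empty list and the `or '\n'` fallback only covers falsy inputs. An exception object with no message is such a value (`str(Exception())` is `''`), and the comment in the column hunk says errors can hold exceptions. Taking the first line defensively avoids the crash: `lines = str(s or '').splitlines()` followed by `return cgi.escape(lines[0] if lines else '')`. A one-line docstring saying that only the first line is kept would also help, since the rest of a multi-line message is dropped silently.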
@@ -55,6 +62,7 @@
                 <TD BGCOLOR="{color}"></TD>
                 <TD ALIGN="left" BGCOLOR="{color}">{errors}</TD>"""
         table += '</TR>'
+        errors = [self._escape(err) for err in errors]
         table = table.format(name=name,
                         color=color,
                         sizes='/'.join([str(n) for n in sizes]),
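Review bot: Only `errors` is escaped before `table.format(...)`; `name=name` on the following line goes into the same HTML-like label unchanged. Table names come from the inspected schema and may contain `&`, `<` or `>`, which would break dot's label parsing or alter the generated markup just as an unescaped error string would. Unless `name` is already escaped above this hunk (the function starts outside it), pass `name=self._escape(name)`. The same question applies to the column hunk at `@@ -82,6 +90,9 @@`, where `col_type` is extended with `'/def:' + default` and `{column}` is interpolated; whether those values are escaped is not visible in the diff.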
@@ -82,6 +90,9 @@
                     default = 'nextval'
                 col_type += '/def:' + default
 
+            # Escape errors (as they can contain exeception passed when reading sqlachemy's lazy values)
+            col_errors = [self._escape(err) for err in col.errors]
+
             column = """<TR>
                 <TD ALIGN="left" PORT="{col_id}" BGCOLOR="{color}">{column}</TD>
                 <TD BGCOLOR="{color}">{has_index}</TD>
@@ -97,8 +108,8 @@
                 'has_index': has_index,
                 'unique': unique,
                 'not_nullable': not_nullable,
-                'error': ', '.join(col.errors),
-                'error_color': 'firebrick1' if len(col.errors) else color,
+                'error': ', '.join(col_errors),
+                'error_color': 'firebrick1' if len(col_errors) else color,
             })
             self.write(column)
         self.write("</TABLE>>];")
