Changeset 13808 for main/waeup.ikoba/trunk/src/waeup/ikoba/browser/pages.py

Timestamp:

6 Apr 2016, 11:17:16 (9 years ago)

Author:

Henrik Bettermann

Message:

Escape HTML in Logfiles when displayed in Browser.

When logfiles are displayed in datacenter, included
HTML tags should show up as tags and not be rendered
by the browser. We therefore cgi.escape logfile
contents.

See r13495 and r13496.

File:

• main/waeup.ikoba/trunk/src/waeup/ikoba/browser/pages.py (modified) (2 diffs)

main/waeup.ikoba/trunk/src/waeup/ikoba/browser/pages.py

@@ -20 +20 @@
 # XXX: All csv ops should move to a dedicated module soon
 import unicodecsv as csv
+import cgi
 import grok
 import os
@@ -1561 +1562 @@
             return
         try:
-            self.result = ''.join(
-                self.context.queryLogfiles(logname, query))
+            self.result = cgi.escape(
+                ''.join(self.context.queryLogfiles(logname, query)))
         except ValueError:
             self.flash(_('Invalid search expression.'), type='danger')