Escape URL strings in news.html

author: Ben Longbons <b.r.longbons@gmail.com> 2013-06-14 10:52:20 -0700
committer: Ben Longbons <b.r.longbons@gmail.com> 2013-06-14 10:52:52 -0700
commit: 9c8e68f8923194d5cb2d0337227deacdf9f867bf (patch)
tree: 905597007c4fe902c621d2445c4f61801f7ed30f
parent: 09e183bbe00971b57f29a88431e36ea7139c4e7a (diff)
download: tools-9c8e68f8923194d5cb2d0337227deacdf9f867bf.tar.gz
tools-9c8e68f8923194d5cb2d0337227deacdf9f867bf.tar.bz2
tools-9c8e68f8923194d5cb2d0337227deacdf9f867bf.tar.xz
tools-9c8e68f8923194d5cb2d0337227deacdf9f867bf.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/_news_colors.py b/_news_colors.py
index 8b0c00b..e98f73b 100644
--- a/_news_colors.py
+++ b/_news_colors.py
@@ -20,6 +20,8 @@
 ##    You should have received a copy of the GNU General Public License
 ##    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import cgi
+
 __all__ = ['make_html_colors_dict', 'make_txt_colors_dict']
 
 class Color(object):
@@ -49,6 +51,7 @@ class HtmlDate(object):
 class HtmlLink(object):
     __slots__ = ()
     def __format__(self, target):
+        target = cgi.escape(target, True)
         return '<a href="%s">%s</a>' % (target, target)
 
 class HtmlSignature(object):
author	Ben Longbons <b.r.longbons@gmail.com>	2013-06-14 10:52:20 -0700
committer	Ben Longbons <b.r.longbons@gmail.com>	2013-06-14 10:52:52 -0700
commit	9c8e68f8923194d5cb2d0337227deacdf9f867bf (patch)
tree	905597007c4fe902c621d2445c4f61801f7ed30f
parent	09e183bbe00971b57f29a88431e36ea7139c4e7a (diff)
download	tools-9c8e68f8923194d5cb2d0337227deacdf9f867bf.tar.gz tools-9c8e68f8923194d5cb2d0337227deacdf9f867bf.tar.bz2 tools-9c8e68f8923194d5cb2d0337227deacdf9f867bf.tar.xz tools-9c8e68f8923194d5cb2d0337227deacdf9f867bf.zip