Escape URL strings in news.html

author: Ben Longbons <b.r.longbons@gmail.com> 2013-06-14 10:52:20 -0700
committer: Ben Longbons <b.r.longbons@gmail.com> 2013-06-14 10:52:52 -0700
commit: 58bdb8247e03630fad1b25cdb0d7dce697e8c29d (patch)
tree: 6226a1104933a1aaba14aadac1c4f21fc89cd82b /tools
parent: c095b1bb900459b38813ba738914df8c5287b3c9 (diff)
download: serverdata-58bdb8247e03630fad1b25cdb0d7dce697e8c29d.tar.gz
serverdata-58bdb8247e03630fad1b25cdb0d7dce697e8c29d.tar.bz2
serverdata-58bdb8247e03630fad1b25cdb0d7dce697e8c29d.tar.xz
serverdata-58bdb8247e03630fad1b25cdb0d7dce697e8c29d.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/tools/_news_colors.py b/tools/_news_colors.py
index 8b0c00b9..e98f73bf 100644
--- a/tools/_news_colors.py
+++ b/tools/_news_colors.py
@@ -20,6 +20,8 @@
 ##    You should have received a copy of the GNU General Public License
 ##    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import cgi
+
 __all__ = ['make_html_colors_dict', 'make_txt_colors_dict']
 
 class Color(object):
@@ -49,6 +51,7 @@ class HtmlDate(object):
 class HtmlLink(object):
     __slots__ = ()
     def __format__(self, target):
+        target = cgi.escape(target, True)
         return '<a href="%s">%s</a>' % (target, target)
 
 class HtmlSignature(object):
author	Ben Longbons <b.r.longbons@gmail.com>	2013-06-14 10:52:20 -0700
committer	Ben Longbons <b.r.longbons@gmail.com>	2013-06-14 10:52:52 -0700
commit	58bdb8247e03630fad1b25cdb0d7dce697e8c29d (patch)
tree	6226a1104933a1aaba14aadac1c4f21fc89cd82b /tools
parent	c095b1bb900459b38813ba738914df8c5287b3c9 (diff)
download	serverdata-58bdb8247e03630fad1b25cdb0d7dce697e8c29d.tar.gz serverdata-58bdb8247e03630fad1b25cdb0d7dce697e8c29d.tar.bz2 serverdata-58bdb8247e03630fad1b25cdb0d7dce697e8c29d.tar.xz serverdata-58bdb8247e03630fad1b25cdb0d7dce697e8c29d.zip