[diffoscope] 01/03: presenters/html.py: Don't use unsafe cgi.escape method as its ``quote`` kwarg -- which enables escaping of quotation marks -- is False by default.

Chris Lamb chris at chris-lamb.co.uk
Thu Aug 25 19:03:10 CEST 2016


This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch master
in repository diffoscope.

commit 779b6469856a5e68aeda7937afe717f66ebabca3
Author: Chris Lamb <lamby at debian.org>
Date:   Thu Aug 25 17:58:33 2016 +0100

    presenters/html.py: Don't use unsafe cgi.escape method as its ``quote`` kwarg -- which enables escaping of quotation marks -- is False by default.
    
    Signed-off-by: Chris Lamb <lamby at debian.org>
---
 diffoscope/presenters/html.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/diffoscope/presenters/html.py b/diffoscope/presenters/html.py
index be8b145..75f912d 100644
--- a/diffoscope/presenters/html.py
+++ b/diffoscope/presenters/html.py
@@ -34,8 +34,8 @@
 import io
 import os
 import re
-import cgi
 import sys
+import html
 import codecs
 import hashlib
 import contextlib
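Review bot: removing `import cgi` in the import block is only safe if the `cgi.escape(c)` call in `convert()` was the last use of the module in html.py. The diffstat shows a single call site changed, so please confirm with a grep for `cgi.` in this file that no other reference remains, otherwise the module will raise NameError at that point.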
@@ -304,7 +304,7 @@ def convert(s, ponct=0, tag=''):
             t.write('<em>%s</em>' % conv)
             i += len(conv)
         else:
-            t.write(cgi.escape(c))
+            t.write(html.escape(c))
             i += 1
 
         if WORDBREAK.count(c) == 1:
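Review bot: the switch to `html.escape(c)` in the `else:` branch of `convert()` changes the emitted HTML for `"` and `'`, since `html.escape` has `quote=True` by default, but the commit adds no test for it. Please add a case that runs a line containing both quote characters through `convert()` and checks that they come out as entities. Separately, the neighbouring branch writes `'<em>%s</em>' % conv` without a visible escape call; it would be worth stating in the commit message or a comment whether `conv` is already escaped before it reaches that line.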

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/diffoscope.git

