[diffoscope] 01/03: presenters/html.py: Don't use unsafe cgi.escape method as its ``quote`` kwarg -- which enables escaping of quotation marks -- is False by default.
Chris Lamb
chris at chris-lamb.co.uk
Thu Aug 25 19:03:10 CEST 2016
This is an automated email from the git hooks/post-receive script.
lamby pushed a commit to branch master
in repository diffoscope.
commit 779b6469856a5e68aeda7937afe717f66ebabca3
Author: Chris Lamb <lamby at debian.org>
Date: Thu Aug 25 17:58:33 2016 +0100
presenters/html.py: Don't use unsafe cgi.escape method as its ``quote`` kwarg -- which enables escaping of quotation marks -- is False by default.
Signed-off-by: Chris Lamb <lamby at debian.org>
---
diffoscope/presenters/html.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/diffoscope/presenters/html.py b/diffoscope/presenters/html.py
index be8b145..75f912d 100644
--- a/diffoscope/presenters/html.py
+++ b/diffoscope/presenters/html.py
@@ -34,8 +34,8 @@
import io
import os
import re
-import cgi
import sys
+import html
import codecs
import hashlib
import contextlib
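Review bot: the added "import html" sits in a file that is itself named html.py (diffoscope/presenters/html.py), so it only reaches the standard library as long as the presenters directory is not on sys.path. If this file is run directly, or that directory is otherwise added to the path, the module would import itself and html.escape would not be found. A short comment beside the import saying it refers to the standard-library module would help the next reader.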
@@ -304,7 +304,7 @@ def convert(s, ponct=0, tag=''):
t.write('<em>%s</em>' % conv)
i += len(conv)
else:
- t.write(cgi.escape(c))
+ t.write(html.escape(c))
i += 1
if WORDBREAK.count(c) == 1:
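Review bot: in the else branch, html.escape(c) gets its quote escaping from a default argument, and the commit message's objection to cgi.escape is precisely about what a default does; writing html.escape(c, quote=True) would make the intent explicit at the call site. Separately, the branch just above writes '<em>%s</em>' % conv with no escaping visible in this hunk, so it is worth confirming that conv is already escaped before it reaches t.write.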
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/diffoscope.git