mirror of
https://github.com/f-droid/fdroidserver.git
synced 2025-11-05 15:00:30 +03:00
metadata: switch from deprecated cgi.escape to html.escape
cgi.escape is deprecated in Python 3.x and has security issues: https://bugs.python.org/issue26398 html.escape() differs from cgi.escape() by its defaults to quote=True: s = html.escape( """& < " ' >""" ) # s = '& < " ' >'
This commit is contained in:
Hans-Christoph Steiner
parent
ee57285817
commit
84bb41a91f
1 changed files with 8 additions and 8 deletions
|
|
@ -21,7 +21,7 @@ import json
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
import glob
|
import glob
|
||||||
import cgi
|
import html
|
||||||
import logging
|
import logging
|
||||||
import textwrap
|
import textwrap
|
||||||
import io
|
import io
|
||||||
|
|
@ -492,10 +492,10 @@ class DescriptionFormatter:
|
||||||
self.laststate = self.state
|
self.laststate = self.state
|
||||||
self.state = self.stNONE
|
self.state = self.stNONE
|
||||||
|
|
||||||
def formatted(self, txt, html):
|
def formatted(self, txt, htmlbody):
|
||||||
res = ''
|
res = ''
|
||||||
if html:
|
if htmlbody:
|
||||||
txt = cgi.escape(txt)
|
txt = html.escape(txt, quote=False)
|
||||||
while True:
|
while True:
|
||||||
index = txt.find("''")
|
index = txt.find("''")
|
||||||
if index == -1:
|
if index == -1:
|
||||||
|
|
@ -503,7 +503,7 @@ class DescriptionFormatter:
|
||||||
res += txt[:index]
|
res += txt[:index]
|
||||||
txt = txt[index:]
|
txt = txt[index:]
|
||||||
if txt.startswith("'''"):
|
if txt.startswith("'''"):
|
||||||
if html:
|
if htmlbody:
|
||||||
if self.bold:
|
if self.bold:
|
||||||
res += '</b>'
|
res += '</b>'
|
||||||
else:
|
else:
|
||||||
|
|
@ -511,7 +511,7 @@ class DescriptionFormatter:
|
||||||
self.bold = not self.bold
|
self.bold = not self.bold
|
||||||
txt = txt[3:]
|
txt = txt[3:]
|
||||||
else:
|
else:
|
||||||
if html:
|
if htmlbody:
|
||||||
if self.ital:
|
if self.ital:
|
||||||
res += '</i>'
|
res += '</i>'
|
||||||
else:
|
else:
|
||||||
|
|
@ -538,7 +538,7 @@ class DescriptionFormatter:
|
||||||
url, urltext = self.linkResolver(url)
|
url, urltext = self.linkResolver(url)
|
||||||
else:
|
else:
|
||||||
urltext = url
|
urltext = url
|
||||||
res_html += '<a href="' + url + '">' + cgi.escape(urltext) + '</a>'
|
res_html += '<a href="' + url + '">' + html.escape(urltext, quote=False) + '</a>'
|
||||||
res_plain += urltext
|
res_plain += urltext
|
||||||
txt = txt[index + 2:]
|
txt = txt[index + 2:]
|
||||||
else:
|
else:
|
||||||
|
|
@ -554,7 +554,7 @@ class DescriptionFormatter:
|
||||||
url = url[:index2]
|
url = url[:index2]
|
||||||
if url == urltxt:
|
if url == urltxt:
|
||||||
warn_or_exception("Url title is just the URL - use [url]")
|
warn_or_exception("Url title is just the URL - use [url]")
|
||||||
res_html += '<a href="' + url + '">' + cgi.escape(urltxt) + '</a>'
|
res_html += '<a href="' + url + '">' + html.escape(urltxt, quote=False) + '</a>'
|
||||||
res_plain += urltxt
|
res_plain += urltxt
|
||||||
if urltxt != url:
|
if urltxt != url:
|
||||||
res_plain += ' (' + url + ')'
|
res_plain += ' (' + url + ')'
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue