# HG changeset patch # User Dan Villiom Podlaski Christiansen # Date 2013-02-09 22:44:25 # Node ID c9d923f5d8aebe2f5f297be9dab27f2f307b086b # Parent 8aa053b99c24b3be7430b7445d3a51977fa2c4b9 minirst: CGI escape strings prior to embedding it in the HTML diff --git a/mercurial/minirst.py b/mercurial/minirst.py --- a/mercurial/minirst.py +++ b/mercurial/minirst.py @@ -22,6 +22,8 @@ import re import util, encoding from i18n import _ +import cgi + def section(s): return "%s\n%s\n\n" % (s, "\"" * encoding.colwidth(s)) @@ -524,6 +526,9 @@ def formathtml(blocks): headernest = '' listnest = [] + def escape(s): + return cgi.escape(s, True) + def openlist(start, level): if not listnest or listnest[-1][0] != start: listnest.append((start, level)) @@ -537,34 +542,34 @@ def formathtml(blocks): lines = b['lines'] if btype == 'admonition': - admonition = _admonitiontitles[b['admonitiontitle']] - text = ' '.join(map(str.strip, lines)) + admonition = escape(_admonitiontitles[b['admonitiontitle']]) + text = escape(' '.join(map(str.strip, lines))) out.append('
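Review bot: The `escape` helper added at the top of `formathtml` carries no comment saying which HTML contexts it is safe for. `cgi.escape(s, True)` converts `&`, `<`, `>` and `"` but leaves `'` alone, so its output is safe in element content and double-quoted attribute values only; the call sites visible in this patch all look like element content. I would add above it `# HTML-escape text for element content or double-quoted attributes; single quotes are not escaped`. The expectation changes visible in the test files seem to involve only double quotes, so a paragraph containing `<`, `>` and `&` would be worth adding to the minirst test input. `formathtml` begins and ends outside this hunk.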

\n%s %s\n

\n' % (admonition, text)) elif btype == 'paragraph': - out.append('

\n%s\n

\n' % '\n'.join(lines)) + out.append('

\n%s\n

\n' % escape('\n'.join(lines))) elif btype == 'margin': pass elif btype == 'literal': - out.append('
\n%s\n
\n' % '\n'.join(lines)) + out.append('
\n%s\n
\n' % escape('\n'.join(lines))) elif btype == 'section': i = b['underline'] if i not in headernest: headernest += i level = headernest.index(i) + 1 - out.append('%s\n' % (level, lines[0], level)) + out.append('%s\n' % (level, escape(lines[0]), level)) elif btype == 'table': table = b['table'] t = [] for row in table: l = [] - for v in zip(row): - l.append('%s' % v) + for v in row: + l.append('%s' % escape(v)) t.append(' %s\n' % ''.join(l)) out.append('\n%s
\n' % ''.join(t)) elif btype == 'definition': openlist('dl', level) - term = lines[0] - text = ' '.join(map(str.strip, lines[1:])) + term = escape(lines[0]) + text = escape(' '.join(map(str.strip, lines[1:]))) out.append('
%s\n
%s\n' % (term, text)) elif btype == 'bullet': bullet, head = lines[0].split(' ', 1) @@ -572,16 +577,16 @@ def formathtml(blocks): openlist('ul', level) else: openlist('ol', level) - out.append('
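Review bot: In the 'table' branch the loop header changes from `for v in zip(row):` to `for v in row:`, a behaviour change that the commit message does not mention; it is presumably needed because `escape()` calls string methods on its argument and a 1-tuple from `zip` would fail, and the description should say so. This also assumes every table cell is a string, which is worth confirming against the code that builds `b['table']`, outside the hunk. Escaping is applied by hand in each `btype` branch here and in the following hunk (bullet, field, option), so a branch added later could omit it; a comment at the top of the loop such as `# every string interpolated into out must pass through escape()` would make the rule explicit. The enclosing loop in `formathtml` starts before and continues after this hunk.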
  • %s\n' % ' '.join([head] + lines[1:])) + out.append('
  • %s\n' % escape(' '.join([head] + lines[1:]))) elif btype == 'field': openlist('dl', level) - key = b['key'] - text = ' '.join(map(str.strip, lines)) + key = escape(b['key']) + text = escape(' '.join(map(str.strip, lines))) out.append('
    %s\n
    %s\n' % (key, text)) elif btype == 'option': openlist('dl', level) - opt = b['optstr'] - desc = ' '.join(map(str.strip, lines)) + opt = escape(b['optstr']) + desc = escape(' '.join(map(str.strip, lines))) out.append('
    %s\n
    %s\n' % (opt, desc)) # close lists if indent level of next block is lower diff --git a/tests/test-help.t b/tests/test-help.t --- a/tests/test-help.t +++ b/tests/test-help.t @@ -1519,7 +1519,7 @@ Dish up an empty repo; serve it cold.

    The files will be added to the repository at the next commit. To - undo an add before that, see "hg forget". + undo an add before that, see "hg forget".

    If no names are given, add all files to the repository. @@ -1633,8 +1633,8 @@ Dish up an empty repo; serve it cold.

    This command schedules the files to be removed at the next commit. - To undo a remove before that, see "hg revert". To undo added - files, see "hg forget". + To undo a remove before that, see "hg revert". To undo added + files, see "hg forget".

    Returns 0 on success, 1 if any warnings encountered. @@ -1754,20 +1754,20 @@ Dish up an empty repo; serve it cold. Any other string is treated as a bookmark, tag, or branch name. A bookmark is a movable pointer to a revision. A tag is a permanent name associated with a revision. A branch name denotes the tipmost revision - of that branch. Bookmark, tag, and branch names must not contain the ":" + of that branch. Bookmark, tag, and branch names must not contain the ":" character.

    - The reserved name "tip" always identifies the most recent revision. + The reserved name "tip" always identifies the most recent revision.

    - The reserved name "null" indicates the null revision. This is the + The reserved name "null" indicates the null revision. This is the revision of an empty repository, and the parent of revision 0.

    - The reserved name "." indicates the working directory parent. If no + The reserved name "." indicates the working directory parent. If no working directory is checked out, it is equivalent to null. If an - uncommitted merge is in progress, "." is the revision of the first + uncommitted merge is in progress, "." is the revision of the first parent.

    diff --git a/tests/test-minirst.py.out b/tests/test-minirst.py.out --- a/tests/test-minirst.py.out +++ b/tests/test-minirst.py.out @@ -605,7 +605,7 @@ Please see "hg add". html format: ----------------------------------------------------------------------

    -Please see "hg add". +Please see "hg add".

    ---------------------------------------------------------------------- @@ -645,7 +645,7 @@ html format:

    Title

    Section

    Subsection

    -

    Markup: "foo" and "hg help"

    +

    Markup: "foo" and "hg help"

    ---------------------------------------------------------------------- == admonitions ==