diff examples/tutorial/geddit/controller.py @ 631:e414dc0bca5c

GenshiTutorial: implement the XSS section.
author cmlenz
date Tue, 04 Sep 2007 19:20:46 +0000
parents 693a7212b348
children c5e5801c32ac
--- a/examples/tutorial/geddit/controller.py
+++ b/examples/tutorial/geddit/controller.py
@@ -4,7 +4,8 @@
 
 import cherrypy
 from formencode import Invalid
-from genshi.filters import HTMLFormFiller
+from genshi.input import HTML
+from genshi.filters import HTMLFormFiller, HTMLSanitizer
 
 from geddit.form import LinkForm, CommentForm
 from geddit.lib import ajax, template
@@ -61,6 +62,8 @@
             form = CommentForm()
             try:
                 data = form.to_python(data)
+                markup = HTML(data['content']) | HTMLSanitizer()
+                data['content'] = markup.render('xhtml')
                 comment = link.add_comment(**data)
                 if not ajax.is_xhr():
                     raise cherrypy.HTTPRedirect('/info/%s' % link.id)
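Review bot: The new `HTML(data['content'])` call can raise genshi's `ParseError` on a malformed comment body, and nothing in the hunk handles it; the enclosing `try` starts above the hunk and its `except` clause is below it, but from the imports it looks scoped to formencode's `Invalid`, so a bad body would likely surface as a server error rather than a form error. Consider catching `genshi.input.ParseError` next to `Invalid` and reporting it as a validation failure on the content field, e.g. `except (Invalid, ParseError) as e:` with the corresponding import added. The sanitized markup is stored at submit time, so the display path must treat `data['content']` as already-safe markup and not re-escape it; a short comment such as `# content is sanitized once on input and stored as XHTML; the view emits it as Markup` on the new lines would record that contract. The enclosing handler begins and ends outside this hunk.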