diff examples/tutorial/geddit/controller.py @ 631:e414dc0bca5c
GenshiTutorial: implement the XSS section.
author | cmlenz |
---|---|
date | Tue, 04 Sep 2007 19:20:46 +0000 |
parents | 693a7212b348 |
children | c5e5801c32ac |
--- a/examples/tutorial/geddit/controller.py
+++ b/examples/tutorial/geddit/controller.py
@@ -4,7 +4,8 @@
 import cherrypy
 from formencode import Invalid
-from genshi.filters import HTMLFormFiller
+from genshi.input import HTML
+from genshi.filters import HTMLFormFiller, HTMLSanitizer
 from geddit.form import LinkForm, CommentForm
 from geddit.lib import ajax, template
@@ -61,6 +62,8 @@
 form = CommentForm()
 try:
 data = form.to_python(data)
+markup = HTML(data['content']) | HTMLSanitizer()
+data['content'] = markup.render('xhtml')
 comment = link.add_comment(**data)
 if not ajax.is_xhr():
 raise cherrypy.HTTPRedirect('/info/%s' % link.id)
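Review bot: The two added lines in the second hunk sanitize the comment body once, at submission time, so what ends up stored is "safe" only with respect to the HTMLSanitizer() defaults in force when the comment was written; if the sanitizer configuration is later tightened, existing comments are not re-filtered, and the template that outputs `comment.content` must still emit it as trusted markup for this to work. Also, `HTML(data['content'])` parses untrusted input and can presumably raise genshi's ParseError on malformed markup, which the surrounding `try:` (its `except` clause lies outside the hunk, apparently targeting formencode's Invalid) does not appear to handle, so a malformed comment would surface as a server error rather than a validation failure. Finally, `markup.render('xhtml')` with Genshi's default encoding likely returns an encoded byte string rather than unicode — confirm that `link.add_comment` and the template expect that, or pass `encoding=None` if the installed Genshi version supports it. A comment above the new lines such as `# Sanitize user-supplied HTML on input; output must render this as Markup` would make the trust boundary explicit.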