comparison examples/tutorial/geddit/controller.py @ 631:e990fa05d80b trunk
GenshiTutorial: implement the XSS section.
author | cmlenz |
---|---|
date | Tue, 04 Sep 2007 19:20:46 +0000 |
parents | 9822dfff0fd5 |
children | e5c57d7611f2 |
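--- a/examples/tutorial/geddit/controller.py
+++ b/examples/tutorial/geddit/controller.py
@@ -2,11 +2,12 @@
 
 import operator, os, pickle, sys
 
 import cherrypy
 from formencode import Invalid
-from genshi.filters import HTMLFormFiller
+from genshi.input import HTML
+from genshi.filters import HTMLFormFiller, HTMLSanitizer
 
 from geddit.form import LinkForm, CommentForm
 from geddit.lib import ajax, template
 from geddit.model import Link, Comment
 
@@ -59,10 +60,12 @@
         if cancel:
             raise cherrypy.HTTPRedirect('/info/%s' % link.id)
         form = CommentForm()
         try:
             data = form.to_python(data)
+            markup = HTML(data['content']) | HTMLSanitizer()
+            data['content'] = markup.render('xhtml')
             comment = link.add_comment(**data)
             if not ajax.is_xhr():
                 raise cherrypy.HTTPRedirect('/info/%s' % link.id)
             return template.render('_comment.html', comment=comment,
                                    num=len(link.comments))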
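Review bot: The added `markup = HTML(data['content']) | HTMLSanitizer()` can raise `genshi.input.ParseError` when a submitted comment is not well-formed markup, and because the stream is consumed lazily that error surfaces at `data['content'] = markup.render('xhtml')`, inside a `try` whose `except` clause lies outside the hunk; unless that clause also catches `ParseError`, a malformed comment becomes an unhandled server error instead of a form validation message. Consider importing `ParseError` next to `HTML` and handling it alongside `Invalid` (or converting it into an `Invalid` so the form re-displays with an error). Sanitizing once at submission time also means the persisted `content` is later rendered as trusted markup, so any later tightening of the sanitizer policy will not reach comments already stored; a one-line comment above the two added lines, e.g. `# sanitize once on input; stored content is rendered as trusted markup`, would make that trust boundary explicit to the next maintainer. The enclosing method starts and ends outside the hunk.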