free
/
searx
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[enh] central html escaping of results

Adam Tauber 8 years ago
parent
7e1f27e459
commit
ef2ef7974a
1 changed files with 4 additions and 3 deletions
Split View Show Diff Stats
  1. 4
    3
      searx/webapp.py

+ 4
- 3
searx/webapp.py View File 

@@ -40,7 +40,7 @@ except:
40 40 
     logger.critical("cannot import dependency: pygments")
41 41 
     from sys import exit
42 42 
     exit(1)
43 
-
43 
+from cgi import escape
44 44 
 from datetime import datetime, timedelta
45 45 
 from urllib import urlencode
46 46 
 from urlparse import urlparse, urljoin
 
@@ -433,8 +433,9 @@ def index():
433 433 
     for result in results:
434 434 
         if output_format == 'html':
435 435 
             if 'content' in result and result['content']:
436 
-                result['content'] = highlight_content(result['content'][:1024], search_query.query.encode('utf-8'))
437 
-            result['title'] = highlight_content(result['title'], search_query.query.encode('utf-8'))
436 
+                result['content'] = highlight_content(escape(result['content'][:1024]),
437 
+                                                      search_query.query.encode('utf-8'))
438 
+            result['title'] = highlight_content(escape(result['title']), search_query.query.encode('utf-8'))
438 439 
         else:
439 440 
             if result.get('content'):
440 441 
                 result['content'] = html_to_text(result['content']).strip()