Sfoglia il codice sorgente

[enh] central html escaping of results

Adam Tauber 8 anni fa
parent
commit
ef2ef7974a
1 ha cambiato i file con 4 aggiunte e 3 eliminazioni
  1. 4
    3
      searx/webapp.py

+ 4
- 3
searx/webapp.py Vedi File

@@ -40,7 +40,7 @@ except:
40 40
     logger.critical("cannot import dependency: pygments")
41 41
     from sys import exit
42 42
     exit(1)
43
-
43
+from cgi import escape
44 44
 from datetime import datetime, timedelta
45 45
 from urllib import urlencode
46 46
 from urlparse import urlparse, urljoin
@@ -433,8 +433,9 @@ def index():
433 433
     for result in results:
434 434
         if output_format == 'html':
435 435
             if 'content' in result and result['content']:
436
-                result['content'] = highlight_content(result['content'][:1024], search_query.query.encode('utf-8'))
437
-            result['title'] = highlight_content(result['title'], search_query.query.encode('utf-8'))
436
+                result['content'] = highlight_content(escape(result['content'][:1024]),
437
+                                                      search_query.query.encode('utf-8'))
438
+            result['title'] = highlight_content(escape(result['title']), search_query.query.encode('utf-8'))
438 439
         else:
439 440
             if result.get('content'):
440 441
                 result['content'] = html_to_text(result['content']).strip()