[enh] central html escaping of results

This commit is contained in:
Adam Tauber 2016-12-09 19:10:33 +01:00
parent 7e1f27e459
commit ef2ef7974a

View file

@ -40,7 +40,7 @@ except:
logger.critical("cannot import dependency: pygments") logger.critical("cannot import dependency: pygments")
from sys import exit from sys import exit
exit(1) exit(1)
from cgi import escape
from datetime import datetime, timedelta from datetime import datetime, timedelta
from urllib import urlencode from urllib import urlencode
from urlparse import urlparse, urljoin from urlparse import urlparse, urljoin
@ -433,8 +433,9 @@ def index():
for result in results: for result in results:
if output_format == 'html': if output_format == 'html':
if 'content' in result and result['content']: if 'content' in result and result['content']:
result['content'] = highlight_content(result['content'][:1024], search_query.query.encode('utf-8')) result['content'] = highlight_content(escape(result['content'][:1024]),
result['title'] = highlight_content(result['title'], search_query.query.encode('utf-8')) search_query.query.encode('utf-8'))
result['title'] = highlight_content(escape(result['title']), search_query.query.encode('utf-8'))
else: else:
if result.get('content'): if result.get('content'):
result['content'] = html_to_text(result['content']).strip() result['content'] = html_to_text(result['content']).strip()