Menu

#19 Ampersands in folder/file names not escaped in HTML

open
nobody
None
5
2007-03-25
2007-03-25
No

enda's HTML output doesn't escape ampersands in directory names or file names.

I've got an artist name with an ampersand in it causing the HTML edna puts out to not validate (the nested tables hack for padding in the default.ezt is another thing entirely).

The fix is simple- just escape the file/directory name in the 2 places where subdirs.append() is used.

Change:
text=name

To:
text=cgi.escape(name)

Not sure if there's much point in even attaching something so simple, but I made a diff of the changes needed and have attached it.

Discussion

  • Nicholas J. Stenz

    Patch to escape ampersands in filenames to HTML entity

     
  • Nicholas J. Stenz

    Logged In: YES
    user_id=720585
    Originator: YES

    I see now that there are other objects (this is my first time looking at Python, so I'm not sure if they're collections or what) besides subdirs that need to have the .append lines fixed as well. I guess those need to be fixed too.

     

Log in to post a comment.