+ − 1 #!/usr/bin/python
+ − 2 # -*- coding: utf-8 -*-
+ − 3
+ − 4 """
+ − 5 Libervia: a Salut à Toi frontend
+ − 6 Copyright (C) 2011, 2012, 2013 Jérôme Poisson <goffi@goffi.org>
+ − 7
+ − 8 This program is free software: you can redistribute it and/or modify
+ − 9 it under the terms of the GNU Affero General Public License as published by
+ − 10 the Free Software Foundation, either version 3 of the License, or
+ − 11 (at your option) any later version.
+ − 12
+ − 13 This program is distributed in the hope that it will be useful,
+ − 14 but WITHOUT ANY WARRANTY; without even the implied warranty of
+ − 15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ − 16 GNU Affero General Public License for more details.
+ − 17
+ − 18 You should have received a copy of the GNU Affero General Public License
+ − 19 along with this program. If not, see <http://www.gnu.org/licenses/>.
+ − 20 """
+ − 21
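def sanitizeHtml(text):
    """Sanitize HTML by escaping everything.

    Every character of text that is significant in HTML markup or in a
    quoted attribute value (& " ' > <) is replaced by its character
    entity; all other characters are copied unchanged. The result is meant
    to be displayed as literal text, never interpreted as markup.

    The escaping covers element content and quoted attribute values only.
    It is not sufficient for unquoted attributes, URL attributes, or text
    placed inside <script> or <style>.
    """
    # this code comes from official python wiki: http://wiki.python.org/moin/EscapingHtml
    # The values must be the entity names: a table that maps each character
    # to itself would return untrusted markup unmodified.
    html_escape_table = {
        "&": "&amp;",
        '"': "&quot;",
        # NOTE(review): &apos; is an XML/HTML5 entity and is not defined in
        # HTML 4; "&#39;" is the form every HTML parser accepts.
        "'": "&apos;",
        ">": "&gt;",
        "<": "&lt;",
    }

    # Single pass, one lookup per input character: the "&" of an entity
    # emitted here is never seen again, so nothing is escaped twice.
    return "".join(html_escape_table.get(c, c) for c in text)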
+ − 34