summaryrefslogtreecommitdiff
path: root/paste
diff options
context:
space:
mode:
Diffstat (limited to 'paste')
-rw-r--r--paste/evalexception/middleware.py6
-rw-r--r--paste/exceptions/formatter.py6
-rw-r--r--paste/url.py10
-rw-r--r--paste/urlmap.py10
-rw-r--r--paste/util/quoting.py12
-rw-r--r--paste/util/template.py4
6 files changed, 24 insertions, 24 deletions
diff --git a/paste/evalexception/middleware.py b/paste/evalexception/middleware.py
index da7876d..f41a4f5 100644
--- a/paste/evalexception/middleware.py
+++ b/paste/evalexception/middleware.py
@@ -29,7 +29,7 @@ from __future__ import print_function
import sys
import os
-import cgi
+import html
import traceback
import six
from six.moves import cStringIO as StringIO
@@ -54,7 +54,7 @@ def html_quote(v):
"""
if v is None:
return ''
- return cgi.escape(str(v), 1)
+ return html.escape(str(v), 1)
def preserve_whitespace(v, quote=True):
"""
@@ -527,7 +527,7 @@ def format_eval_html(exc_data, base_path, counter):
<div id="text_version" class="hidden-data">
<textarea style="width: 100%%" rows=10 cols=60>%s</textarea>
</div>
- """ % (short_er, full_traceback_html, cgi.escape(text_er))
+ """ % (short_er, full_traceback_html, html.escape(text_er))
def make_repost_button(environ):
url = request.construct_url(environ)
diff --git a/paste/exceptions/formatter.py b/paste/exceptions/formatter.py
index 09309de..3be07ef 100644
--- a/paste/exceptions/formatter.py
+++ b/paste/exceptions/formatter.py
@@ -7,13 +7,13 @@ Formatters for the exception data that comes from ExceptionCollector.
# @@: TODO:
# Use this: http://www.zope.org/Members/tino/VisualTraceback/VisualTracebackNews
-import cgi
+import html
import six
import re
from paste.util import PySourceColor
def html_quote(s):
- return cgi.escape(str(s), True)
+ return html.escape(str(s), True)
class AbstractFormatter(object):
@@ -463,7 +463,7 @@ def format_html(exc_data, include_hidden_frames=False, **ops):
<div id="text_version" class="hidden-data">
<textarea style="width: 100%%" rows=10 cols=60>%s</textarea>
</div>
- """ % (short_er, long_er, cgi.escape(text_er))
+ """ % (short_er, long_er, html.escape(text_er))
def format_text(exc_data, **ops):
return TextFormatter(**ops).format_collected_data(exc_data)
diff --git a/paste/url.py b/paste/url.py
index fb08d6d..653c657 100644
--- a/paste/url.py
+++ b/paste/url.py
@@ -5,7 +5,7 @@
This module implements a class for handling URLs.
"""
from six.moves.urllib.parse import parse_qsl, quote, unquote, urlencode
-import cgi
+import html
from paste import request
import six
@@ -17,7 +17,7 @@ __all__ = ["URL", "Image"]
def html_quote(v):
if v is None:
return ''
- return cgi.escape(str(v), 1)
+ return html.escape(str(v), 1)
def url_quote(v):
if v is None:
@@ -274,7 +274,7 @@ class URL(URLResource):
>>> u['//foo'].param(content='view').html
'<a href="http://localhost/view/foo">view</a>'
>>> u.param(confirm='Really?', content='goto').html
- '<a href="http://localhost/view" onclick="return confirm(\'Really?\')">goto</a>'
+ '<a href="http://localhost/view" onclick="return confirm(&#x27;Really?&#x27;)">goto</a>'
>>> u(title='See "it"', content='goto').html
'<a href="http://localhost/view?title=See+%22it%22">goto</a>'
>>> u('another', var='fuggetaboutit', content='goto').html
@@ -373,7 +373,7 @@ class Button(URLResource):
>>> u = u / 'delete'
>>> b = u.button['confirm=Sure?'](id=5, content='del')
>>> str(b)
- '<button onclick="if (confirm(\'Sure?\')) {location.href=\'/delete?id=5\'}; return false">del</button>'
+ '<button onclick="if (confirm(&#x27;Sure?&#x27;)) {location.href=&#x27;/delete?id=5&#x27;}; return false">del</button>'
"""
default_params = {'tag': 'button'}
@@ -417,7 +417,7 @@ class JSPopup(URLResource):
>>> u = u / 'view'
>>> j = u.js_popup(content='view')
>>> j.html
- '<a href="/view" onclick="window.open(\'/view\', \'_blank\'); return false" target="_blank">view</a>'
+ '<a href="/view" onclick="window.open(&#x27;/view&#x27;, &#x27;_blank&#x27;); return false" target="_blank">view</a>'
"""
default_params = {'tag': 'a', 'target': '_blank'}
diff --git a/paste/urlmap.py b/paste/urlmap.py
index f721f2d..4ba19c1 100644
--- a/paste/urlmap.py
+++ b/paste/urlmap.py
@@ -6,7 +6,7 @@ Map URL prefixes to WSGI applications. See ``URLMap``
import re
import os
-import cgi
+import html
try:
# Python 3
from collections import MutableMapping as DictMixin
@@ -114,12 +114,12 @@ class URLMap(DictMixin):
',\n '.join(map(repr, matches)))
else:
extra = ''
- extra += '\nSCRIPT_NAME: %r' % cgi.escape(environ.get('SCRIPT_NAME'))
- extra += '\nPATH_INFO: %r' % cgi.escape(environ.get('PATH_INFO'))
- extra += '\nHTTP_HOST: %r' % cgi.escape(environ.get('HTTP_HOST'))
+ extra += '\nSCRIPT_NAME: %r' % html.escape(environ.get('SCRIPT_NAME'))
+ extra += '\nPATH_INFO: %r' % html.escape(environ.get('PATH_INFO'))
+ extra += '\nHTTP_HOST: %r' % html.escape(environ.get('HTTP_HOST'))
app = httpexceptions.HTTPNotFound(
environ['PATH_INFO'],
- comment=cgi.escape(extra)).wsgi_application
+ comment=html.escape(extra)).wsgi_application
return app(environ, start_response)
def normalize_url(self, url, trim=True):
diff --git a/paste/util/quoting.py b/paste/util/quoting.py
index df0d9da..c1f635f 100644
--- a/paste/util/quoting.py
+++ b/paste/util/quoting.py
@@ -1,7 +1,7 @@
# (c) 2005 Ian Bicking and contributors; written for Paste (http://pythonpaste.org)
# Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
-import cgi
+import html
import six
import re
from six.moves import html_entities
@@ -22,17 +22,17 @@ def html_quote(v, encoding=None):
if v is None:
return ''
elif isinstance(v, six.binary_type):
- return cgi.escape(v, 1)
+ return html.escape(v, 1)
elif isinstance(v, six.text_type):
if six.PY3:
- return cgi.escape(v, 1)
+ return html.escape(v, 1)
else:
- return cgi.escape(v.encode(encoding), 1)
+ return html.escape(v.encode(encoding), 1)
else:
if six.PY3:
- return cgi.escape(six.text_type(v), 1)
+ return html.escape(six.text_type(v), 1)
else:
- return cgi.escape(six.text_type(v).encode(encoding), 1)
+ return html.escape(six.text_type(v).encode(encoding), 1)
_unquote_re = re.compile(r'&([a-zA-Z]+);')
def _entity_subber(match, name2c=html_entities.name2codepoint):
diff --git a/paste/util/template.py b/paste/util/template.py
index 5a63664..c1f22f3 100644
--- a/paste/util/template.py
+++ b/paste/util/template.py
@@ -33,7 +33,7 @@ If there are syntax errors ``TemplateError`` will be raised.
import re
import six
import sys
-import cgi
+from html import escape
from six.moves.urllib.parse import quote
from paste.util.looper import looper
@@ -322,7 +322,7 @@ def html_quote(value):
value = unicode(value)
else:
value = str(value)
- value = cgi.escape(value, 1)
+ value = escape(value, 1)
if six.PY2 and isinstance(value, unicode):
value = value.encode('ascii', 'xmlcharrefreplace')
return value