diff options
| author | Ian Bicking <ianb@colorstudy.com> | 2010-09-14 10:57:29 -0500 |
|---|---|---|
| committer | Ian Bicking <ianb@colorstudy.com> | 2010-09-14 10:57:29 -0500 |
| commit | 2f43ca51972a0cfa19b8dfedb38aa1eca3d21d79 (patch) | |
| tree | 4c553cbecc5a9a2d65d7738023be9fdd7b7a85e1 /paste | |
| parent | f135179046751bd421eba341cc56da0c984dbea8 (diff) | |
| download | paste-2f43ca51972a0cfa19b8dfedb38aa1eca3d21d79.tar.gz | |
Just a bit more paranoia in quoting comments, though I wasn't able to reproduce any actual issue
Diffstat (limited to 'paste')
| -rw-r--r-- | paste/httpexceptions.py | 2 | ||||
| -rw-r--r-- | paste/util/quoting.py | 9 |
2 files changed, 9 insertions, 2 deletions
diff --git a/paste/httpexceptions.py b/paste/httpexceptions.py index 208d5cf..ede4f7e 100644 --- a/paste/httpexceptions.py +++ b/paste/httpexceptions.py @@ -212,7 +212,7 @@ class HTTPException(Exception): def plain(self, environ): """ text/plain representation of the exception """ - body = self.make_body(environ, strip_html(self.template), comment_quote) + body = self.make_body(environ, strip_html(self.template), no_quote, comment_quote) return ('%s %s\r\n%s\r\n' % (self.code, self.title, body)) def html(self, environ): diff --git a/paste/util/quoting.py b/paste/util/quoting.py index 582cc40..6184752 100644 --- a/paste/util/quoting.py +++ b/paste/util/quoting.py @@ -77,11 +77,18 @@ def no_quote(s): return s _comment_quote_re = re.compile(r'\-\s*\>') +# Everything but \r, \n, \t: +_bad_chars_re = re.compile('[\x00-\x08\x0b-\x0c\x0e-\x1f]') def comment_quote(s): """ Quote that makes sure text can't escape a comment """ - return _comment_quote_re.sub('->', str(s)) + comment = str(s) + #comment = _bad_chars_re.sub('', comment) + #print 'in ', repr(str(s)) + #print 'out', repr(comment) + comment = _comment_quote_re.sub('->', comment) + return comment url_quote = urllib.quote url_unquote = urllib.unquote |