authorrakvat <rakvat@users.noreply.github.com>2020-05-08 17:25:03 +0200
committerrakvat <rakvat@users.noreply.github.com>2020-05-08 17:25:03 +0200
commit21a0e62915b4c1275a08a46631fad5376355b9df (patch)
tree58e51baf36196fad3440d6d4c8ad2c5aa76a00aa
parente90430bed2ba62a751bf43ff367576e84b9130f6 (diff)
downloadpysaml2-21a0e62915b4c1275a08a46631fad5376355b9df.tar.gz
fix escape not in cgi for newer pythons
-rwxr-xr-xexample/sp-wsgi/sp.py10
1 files changed, 8 insertions, 2 deletions
diff --git a/example/sp-wsgi/sp.py b/example/sp-wsgi/sp.py
index bec6747f..bd8a9578 100755
--- a/example/sp-wsgi/sp.py
+++ b/example/sp-wsgi/sp.py
@@ -2,7 +2,10 @@
from __future__ import print_function
import argparse
-import cgi
+try:
+ import html
+except:
+ import cgi as html
import importlib
import logging
import os
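Review bot: The bare `except:` around `import html` catches every exception, including `KeyboardInterrupt` and `SystemExit`, not only the missing-module case the fallback is meant for. `except ImportError:` states the intent and lets any other failure surface. A short comment above the `try`, such as `# cgi.escape is gone from newer Pythons; fall back to cgi only where html is missing`, would tell later readers why the alias exists.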
@@ -48,6 +51,9 @@ from saml2.s_utils import sid
from saml2.saml import NAMEID_FORMAT_PERSISTENT
from saml2.samlp import Extensions
+def _html_escape(payload):
+ return html.escape(payload, quote=True)
+
logger = logging.getLogger("")
hdlr = logging.FileHandler("spx.log")
base_formatter = logging.Formatter("%(asctime)s %(name)s:%(levelname)s %(message)s")
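Review bot: On the `cgi` fallback `_html_escape` is weaker than on the `html` path, because `cgi.escape(payload, quote=True)` converts only the double quote while `html.escape(payload, quote=True)` also converts the single quote. The one call added in this commit writes into `<pre>` element content, where that difference does not matter. This file does build markup with single-quoted attributes (`<a href='/logout'>`), though, so a later use inside an attribute value would be under-escaped on the fallback. Returning `html.escape(payload, quote=True).replace("'", "&#x27;")` makes both paths agree. A docstring such as `"""Escape &, <, > and both quote characters for HTML output."""` would record the contract.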
@@ -699,7 +705,7 @@ def main(environ, start_response, sp):
body = dict_to_table(user.data)
body.append(
"<br><pre>{authn_stmt}</pre>".format(
- authn_stmt=cgi.escape(user.authn_statement)
+ authn_stmt=_html_escape(user.authn_statement)
)
)
body.append("<br><a href='/logout'>logout</a>")
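Review bot: `body = dict_to_table(user.data)` feeds the same response but is not covered by the new escaping. `dict_to_table` is defined outside this hunk, so it is not visible whether it escapes the attribute names and values it renders. Those values presumably originate from the identity provider's assertion, just like `user.authn_statement`, so they deserve the same treatment. If the helper does not escape, passing each key and value through `_html_escape` inside it would close the gap. `main` begins and continues outside the hunk.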