Merge pull request #1209 from blake-regalia/fix/rdf2dot-ampersand-escape

rd2dot Escape HTML in node label and URI text
author: Nicholas Car <nicholas.car@surroundaustralia.com> 2020-12-27 21:08:09 +1000
committer: GitHub <noreply@github.com> 2020-12-27 21:08:09 +1000
commit: b557dca5c26b7d9b21f1d9d897289c01e8376511 (patch)
tree: 3ba68bf651f2f3b28d2695d9f5abc07a7ad9ed58
parent: 43cc004272f266c3fe78a35fccda215d78f643f6 (diff)
parent: 1ee96eb1b0c1cee67a1414a6a4055fe36036a67d (diff)
download: rdflib-b557dca5c26b7d9b21f1d9d897289c01e8376511.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/rdflib/tools/rdf2dot.py b/rdflib/tools/rdf2dot.py
index 37c8f784..1e202d40 100644
--- a/rdflib/tools/rdf2dot.py
+++ b/rdflib/tools/rdf2dot.py
@@ -153,7 +153,7 @@ def rdf2dot(g, stream, opts={}):
             + "<font point-size='10' color='#6666ff'>%s</font></td>"
             + "</tr>%s</table> > ] \n"
         )
-        stream.write(opstr % (n, NODECOLOR, label(u, g), u, u, "".join(f)))
+        stream.write(opstr % (n, NODECOLOR, html.escape(label(u, g)), u, html.escape(u), "".join(f)))
 
     stream.write("}\n")
author	Nicholas Car <nicholas.car@surroundaustralia.com>	2020-12-27 21:08:09 +1000
committer	GitHub <noreply@github.com>	2020-12-27 21:08:09 +1000
commit	b557dca5c26b7d9b21f1d9d897289c01e8376511 (patch)
tree	3ba68bf651f2f3b28d2695d9f5abc07a7ad9ed58
parent	43cc004272f266c3fe78a35fccda215d78f643f6 (diff)
parent	1ee96eb1b0c1cee67a1414a6a4055fe36036a67d (diff)
download	rdflib-b557dca5c26b7d9b21f1d9d897289c01e8376511.tar.gz