HTML escape output.

This commit is contained in:
Sergio Martínez Portela 2022-05-07 23:44:37 +02:00
parent 51245491e1
commit e618e3c4eb

View File

@ -144,7 +144,7 @@ def render_list_item(element, acc):
acc.append("<li>") acc.append("<li>")
if element.tag is not None: if element.tag is not None:
acc.append("<span class='tag'>") acc.append("<span class='tag'>")
acc.append(element.tag) acc.append(html.escape(element.tag))
acc.append("</span>") acc.append("</span>")
acc.append("<span class='item'>") acc.append("<span class='item'>")
@ -154,7 +154,7 @@ def render_list_item(element, acc):
def render_code_block(element, acc): def render_code_block(element, acc):
acc.append('<pre><code>') acc.append('<pre><code>')
acc.append(element.lines) acc.append(html.escape(element.lines))
acc.append('</code></pre>') acc.append('</code></pre>')
@ -168,11 +168,17 @@ def render_text_tokens(tokens, acc):
if isinstance(chunk, str): if isinstance(chunk, str):
acc.append('{}</span> '.format(chunk)) acc.append('{}</span> '.format(chunk))
elif isinstance(chunk, Link): elif isinstance(chunk, Link):
# @TODO: URLEscape
link_target = chunk.value link_target = chunk.value
if link_target.startswith('id:'): if link_target.startswith('id:'):
link_target = './' + link_target[3:] + '.node.html' link_target = './' + link_target[3:] + '.node.html'
acc.append('<a href="{}">{}</a>'.format(link_target, chunk.description)) description = chunk.description
if description is None:
description = chunk.value
acc.append('<a href="{}">{}</a>'.format(
html.escape(link_target),
html.escape(description),
))
else: else:
raise NotImplementedError('TextToken: {}'.format(chunk)) raise NotImplementedError('TextToken: {}'.format(chunk))