nmbug-status: Escape &, <, and > in HTML display data
[notmuch] / devel / nmbug / nmbug-status
index 873a46a890d6250d522ef88eeff9e021e81c81dc..1c390e6d391de3a71c510a759d9e11e8e90be9dc 100755 (executable)
@@ -21,8 +21,10 @@ except ImportError:  # Python 2
 import json
 import argparse
 import os
+import re
 import sys
 import subprocess
+import xml.sax.saxutils
 
 
 _ENCODING = locale.getpreferredencoding() or sys.getdefaultencoding()
@@ -168,24 +170,32 @@ class Page (object):
 
 
 class HtmlPage (Page):
+    _slug_regexp = re.compile('\W+')
+
     def _write_header(self, views, stream):
         super(HtmlPage, self)._write_header(views=views, stream=stream)
         stream.write('<ul>\n')
         for view in views:
+            if 'id' not in view:
+                view['id'] = self._slug(view['title'])
             stream.write(
-                '<li><a href="#{title}">{title}</a></li>\n'.format(**view))
+                '<li><a href="#{id}">{title}</a></li>\n'.format(**view))
         stream.write('</ul>\n')
 
     def _write_view_header(self, view, stream):
-        stream.write('<h3><a name="{title}" />{title}</h3>\n'.format(**view))
+        stream.write('<h3 id="{id}">{title}</h3>\n'.format(**view))
+        stream.write('<p>\n')
         if 'comment' in view:
             stream.write(view['comment'])
             stream.write('\n')
         for line in [
                 'The view is generated from the following query:',
-                '<blockquote>',
+                '</p>',
+                '<p>',
+                '  <code>',
                 view['query-string'],
-                '</blockquote>',
+                '  </code>',
+                '</p>',
                 ]:
             stream.write(line)
             stream.write('\n')
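Review bot: `view['title']` and `view['query-string']` are still written into the page unescaped in `_write_header` and `_write_view_header`, so a title or query containing `&`, `<` or `>` produces broken or unintended markup even though this commit escapes the per-message fields. I would pass `title=xml.sax.saxutils.escape(view['title'])` explicitly in both format calls and use `xml.sax.saxutils.escape(view['query-string'])` in the line list. `view['comment']` looks like it is meant to carry HTML, in which case a comment such as `# comment is trusted HTML from the config, written verbatim` would make that explicit. Separately, `re.compile('\W+')` should be the raw string `re.compile(r'\W+')`, and `_write_view_header` now relies on `_write_header` having filled in `view['id']` first. `_write_view_header` continues past the end of this hunk.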
@@ -199,7 +209,7 @@ class HtmlPage (Page):
                 stream.write((
                     '<tr>\n'
                     '  <td>{date}</td>\n'
-                    '  <td>{message-id-term}</td>\n'
+                    '  <td><code>{message-id-term}</code></td>\n'
                     '</tr>\n'
                     '<tr>\n'
                     '  <td>{from}</td>\n'
@@ -217,13 +227,19 @@ class HtmlPage (Page):
         if 'subject' in display_data and 'message-id' in display_data:
             d = {
                 'message-id': quote(display_data['message-id']),
-                'subject': display_data['subject'],
+                'subject': xml.sax.saxutils.escape(display_data['subject']),
                 }
             display_data['subject'] = (
                 '<a href="http://mid.gmane.org/{message-id}">{subject}</a>'
                 ).format(**d)
+        for key in ['message-id', 'from']:
+            if key in display_data:
+                display_data[key] = xml.sax.saxutils.escape(display_data[key])
         return (running_data, display_data)
 
+    def _slug(self, string):
+        return self._slug_regexp.sub('-', string)
+
 
 _PAGES['text'] = Page()
 _PAGES['html'] = HtmlPage(
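Review bot: The escape loop covers only `message-id` and `from`, but the table-row template in the previous hunk also interpolates `{message-id-term}` and `{date}` into the HTML. If `message-id-term` is built from the raw Message-ID header elsewhere (not visible here), it reaches the page unescaped; extending the loop to `for key in ['message-id', 'message-id-term', 'from']:` would close that gap. `xml.sax.saxutils.escape` leaves quotes alone by default, which is fine for the element content used here but would not be enough if one of these values were later placed inside an attribute. The method begins above this hunk, so where `display_data` is populated should be checked before merging.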
@@ -235,8 +251,10 @@ _PAGES['html'] = HtmlPage(
 </head>
 <body>
 <h2>Notmuch Patches</h2>
+<p>
 Generated: {date}<br />
 For more infomation see <a href="http://notmuchmail.org/nmbug">nmbug</a>
+</p>
 <h3>Views</h3>
 '''.format(date=datetime.datetime.utcnow().date()),
     footer='</body>\n</html>\n',