escape properties using cgi.escape

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@7546 20353a03-c40f-0410-a6d1-a30d3c3de9de

escape properties using cgi.escape
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@7546 20353a03-c40f-0410-a6d1-a30d3c3de9de
5384a682 · Jérome Perrin · 048adece · 5384a682
Commit 5384a682 authored May 30, 2006 by Jérome Perrin
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

product/ERP5/bin/genbt5list product/ERP5/bin/genbt5list +5 -2

No files found.
--- a/product/ERP5/bin/genbt5list
+++ b/product/ERP5/bin/genbt5list
@@ -36,6 +36,7 @@ import os
 import sys
 import tempfile
 import shutil
+import cgi

 property_list = ('title', 'version', 'description', 'license', 'dependency_list', 'copyright_list')

@@ -88,10 +89,12 @@ def generateInformation(fd):
        for property_id in property_id_list:
          property_value = property_dict[property_id]
          if type(property_value) == type(''):
-            os.write(fd, '    <%s>%s</%s>\n' % (property_id, property_value, property_id))
+            os.write(fd, '    <%s>%s</%s>\n' % (
+                  property_id, cgi.escape(property_value), property_id))
          else:
            for value in property_value:
-              os.write(fd, '    <%s>%s</%s>\n' % (property_id, value, property_id))
+              os.write(fd, '    <%s>%s</%s>\n' % (
+                    property_id, cgi.escape(value), property_id))
        os.write(fd, '  </template>\n')
        info('done\n')
      finally: