From e0eda611a5e951acd56884fb48e7a3049821f836 Mon Sep 17 00:00:00 2001
From: Steve Piercy <web@stevepiercy.com>
Date: Sat, 23 Sep 2017 09:20:23 +0200
Subject: [PATCH] use pyramid.compat.escape instead of cgi.escape - backport of #3165 and #3171

---
 docs/quick_tour/views/views.py |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/quick_tour/views/views.py b/docs/quick_tour/views/views.py
index 1449cbb..95a2b60 100644
--- a/docs/quick_tour/views/views.py
+++ b/docs/quick_tour/views/views.py
@@ -1,4 +1,4 @@
-import cgi
+from pyramid.compat import escape
 
 from pyramid.httpexceptions import HTTPFound
 from pyramid.response import Response
@@ -16,8 +16,8 @@
 def hello_view(request):
     name = request.params.get('name', 'No Name')
     body = '<p>Hi %s, this <a href="/goto">redirects</a></p>'
-    # cgi.escape to prevent Cross-Site Scripting (XSS) [CWE 79]
-    return Response(body % cgi.escape(name))
+    # pyramid.compat.escape to prevent Cross-Site Scripting (XSS) [CWE 79]
+    return Response(body % escape(name))
 
 
 # /goto which issues HTTP redirect to the last view
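Review bot: The comment above `return Response(body % escape(name))` should say which HTML context the escaping covers, because `name` is interpolated into element text inside `<p>` and that is the only context this call is shown to protect. As far as I know, `pyramid.compat.escape` resolves to `html.escape` on Python 3 and to `cgi.escape` on Python 2, and the latter leaves quote characters unescaped unless `quote=True` is passed. A reader who copies this tutorial pattern into an attribute value could therefore still end up with an injectable page on Python 2. I would word the comment as `# escape the user-supplied name for HTML element content to prevent XSS [CWE-79]; pass quote=True if it is ever placed in an attribute value`.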

--
Gitblit v1.9.3