From e0eda611a5e951acd56884fb48e7a3049821f836 Mon Sep 17 00:00:00 2001
From: Steve Piercy <web@stevepiercy.com>
Date: Sat, 23 Sep 2017 09:20:23 +0200
Subject: [PATCH] use pyramid.compat.escape instead of cgi.escape

- backport of #3165 and #3171
---
 docs/quick_tour/views/views.py | 6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/quick_tour/views/views.py b/docs/quick_tour/views/views.py
index 1449cbb..95a2b60 100644
--- a/docs/quick_tour/views/views.py
+++ b/docs/quick_tour/views/views.py
@@ -1,4 +1,4 @@
-import cgi
+from pyramid.compat import escape
 from pyramid.httpexceptions import HTTPFound
 from pyramid.response import Response
@@ -16,8 +16,8 @@ def hello_view(request):
 name = request.params.get('name', 'No Name')
 body = '<p>Hi %s, this <a href="/goto">redirects</a></p>'
- # cgi.escape to prevent Cross-Site Scripting (XSS) [CWE 79]
- return Response(body % cgi.escape(name))
+ # pyramid.compat.escape to prevent Cross-Site Scripting (XSS) [CWE 79]
+ return Response(body % escape(name))
 # /goto which issues HTTP redirect to the last view
-- 
Gitblit v1.9.3
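Review bot: The new `return Response(body % escape(name))` line is safe only because `name` is interpolated into element text, and the replacement comment should say so rather than just naming the helper; `escape` from `pyramid.compat` presumably falls back to `cgi.escape` on Python 2, whose default does not escape quote characters, so the same call would not be sufficient inside an attribute value such as `href="..."`. Suggested comment: `# escape(name) is enough here because name lands in element text, not an attribute; the cgi.escape fallback does not escape quotes by default`. The `hello_view` signature and the rest of its body lie outside the hunk, so this is the only escaping site visible here.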