From f7624720906ee3e9cc125a062c519c2c26c22a9f Mon Sep 17 00:00:00 2001
From: Ferry Boender
Date: Mon, 7 Sep 2020 17:56:49 +0200
Subject: [PATCH] Replace cgi.escape with html.escape
---
 src/webapp.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/webapp.py b/src/webapp.py
index ba3df08..45b25a2 100644
--- a/src/webapp.py
+++ b/src/webapp.py
@@ -4,6 +4,7 @@
 handling them.
 """
 import cgi
+import html
 import logging
 import tempfile
 import os
@@ -458,11 +459,11 @@ class ScriptFormWebApp(RequestHandler):
 # Ignore everything if we're doing raw output, since it's the
 # scripts responsibility.
 if result['exitcode'] != 0:
- stderr = cgi.escape(result['stderr'].decode('utf8'))
+ stderr = html.escape(result['stderr'].decode('utf8'))
 msg = u'{0}'.format(stderr)
 else:
 if form_def.output == 'escaped':
- stdout = cgi.escape(result['stdout'].decode('utf8'))
+ stdout = html.escape(result['stdout'].decode('utf8'))
 msg = u'
{0}
'.format(stdout)
 else:
 # Non-escaped output (html, usually)
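Review bot: Both new `html.escape(...)` lines still decode the script's output with strict UTF-8, so a script that writes bytes that are not valid UTF-8 raises `UnicodeDecodeError` before anything is escaped and the response is never built; `stderr = html.escape(result['stderr'].decode('utf8', errors='replace'))` (and the same for `stdout`) keeps the error page working. Note also that `html.escape` defaults to `quote=True` where `cgi.escape` defaulted to `quote=False`, so `"` and `'` in script output are now entity-encoded too; that is the safer behaviour, but it deserves a line in the commit message since rendered output changes. The final `else` branch, whose body lies outside this hunk, emits stdout unescaped, so a comment there such as `# Trusted: the script must HTML-escape any form values it echoes` would make the trust boundary explicit.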