use cgi.escape to escape &,<,>

author David Mazary <dmazary@gmail.com>

Thu, 15 Mar 2012 01:15:04 +0000 (22:15 -0300)

committer David Mazary <dmazary@gmail.com>

Thu, 15 Mar 2012 01:15:04 +0000 (22:15 -0300)
author David Mazary <dmazary@gmail.com>
Thu, 15 Mar 2012 01:15:04 +0000 (22:15 -0300)
committer David Mazary <dmazary@gmail.com>
Thu, 15 Mar 2012 01:15:04 +0000 (22:15 -0300)
diff --git a/xonstat/util.py b/xonstat/util.py

index 758b2066d7497d0b5c2feb43ac307c2973aa9e77..23d9e28e0170ba6d9a93d6e61dd33fd9e0f3aaf1 100755 (executable)
--- a/xonstat/util.py
+++ b/xonstat/util.py
@@ -1,4 +1,5 @@
  import re
+from cgi import escape
  from datetime import datetime
  
  # Map of special chars to ascii from Darkplace's console.c.
@@ -78,7 +79,7 @@ def strip_colors(qstr=''):
  
  
  def html_colors(qstr=''):
-    qstr = qfont_decode(qstr)
+    qstr = escape(qfont_decode(qstr))
      def dec_repl(match):
          return _dec_spans[int(match.group(1))]
      qstr = qstr.replace('^^', '^')
author	David Mazary <dmazary@gmail.com>
	Thu, 15 Mar 2012 01:15:04 +0000 (22:15 -0300)
committer	David Mazary <dmazary@gmail.com>
	Thu, 15 Mar 2012 01:15:04 +0000 (22:15 -0300)