Merge lp:~willmoggridge/usn-tool/sanitizehtml into lp:usn-tool

Proposed by Will Moggridge
Status: Merged
Approved by: Tyler Hicks
Approved revision: 126
Merged at revision: 127
Proposed branch: lp:~willmoggridge/usn-tool/sanitizehtml
Merge into: lp:usn-tool
Diff against target: 44 lines (+13/-4)
1 file modified
templates/webpage-markdown.txt (+13/-4)
To merge this branch: bzr merge lp:~willmoggridge/usn-tool/sanitizehtml
Reviewer: Tyler Hicks (community)
Review status: Approve
Review via email: mp+340743@code.launchpad.net

Description of the change

Update markdown content escaping.
Move the function to a macro and add escaping to HTML by converting < and > to HTML attributes.

Tyler Hicks (tyhicks) wrote :

It looks like this change is doing something odd in USN-288-1. I see this in the new site:

"... which is the representation of the backslash character >>&lt;< in ASCII."

It should be displaying ">>/<<" instead of ">>&lt;<".

Is that hugo getting confused by the backslash in "&gt;&gt;\&lt;&lt;"?

I admit that this is an overly complex USN text so I don't necessarily consider this a blocker. I was just wondering if you could easily spot the problem?

review: Needs Information
Tyler Hicks (tyhicks) wrote :

Approving and merging this but I'd still like the issue I described above to be addressed if you see a way to fix it.

review: Approve

Preview Diff

1=== modified file 'templates/webpage-markdown.txt'
2--- templates/webpage-markdown.txt 2018-02-23 06:07:03 +0000
3+++ templates/webpage-markdown.txt 2018-03-05 13:20:46 +0000
4@@ -1,5 +1,15 @@
5 {# http://genshi.edgewall.org/wiki/Documentation/text-templates.html #}\
6 {# This is a template that may eventually be used to generate markdown for a new USN site #}\
7+{# Replace single backslash with two (which requires a lot of backslashes), escape double quotes and HTML. #}\
8+{% def sanitize(input) %}\
9+${\
10+ input.strip()\
11+ .replace('\\\','&bsol;')\
12+ .replace('"','&quot;')\
13+ .replace('<', '&lt;')\
14+ .replace('>', '&gt;')\
15+}\
16+{% end %}\
17 {% if defined('cves') %}\
18 {% if cves.sort() %}{% end %}\
19 {% end %}\
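Review bot: the replace chain in `sanitize` never escapes `&`, so advisory text that already contains an ampersand or a literal entity such as `&lt;` passes through unchanged and is decoded on display, while `<`, `>`, `"` and backslash are converted. Add `.replace('&', '&amp;')` as the first call in the chain, ahead of the replacements that emit `&` themselves, otherwise their output would be double-escaped. The comment above the macro also still says a backslash is replaced "with two", but the code now emits `&bsol;`; update it to match.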
20@@ -13,8 +23,7 @@
21 ]
22 date: ${timestr}
23 {% with short_description=(description[:350].rsplit(' ', 1)[0]+'...') if len(description) > 350 else description %}\
24-{# Replace single backslash with two (which requires a lot of backslashes) and escape double quotes. #}\
25-description: "{% if defined('description') %}${short_description.replace('\\\','\\\\\\\').replace('"','\\\"')}{% end %}"
26+description: "{% if defined('description') %}${sanitize(short_description)}{% end %}"
27 {% end %}\
28 ---
29 {% end %}\
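Review bot: `description:` is a double-quoted YAML scalar, and the removed line escaped for that context (doubling backslashes and backslash-escaping `"`), whereas `sanitize(short_description)` now writes HTML entities into it. The YAML stays valid because no raw `"` or backslash remains, but the front-matter value now holds `&quot;`, `&bsol;` and `&lt;` as text, which renders correctly only if the site template outputs the description without escaping it again; confirm that, or keep a YAML-specific escape for this field. Separately, the context line evaluates `description[:350]` in the `with` before the `defined('description')` guard runs, so the guard cannot protect against a missing description.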
30@@ -39,13 +48,13 @@
31 ### Software Description
32
33 {% for name, description in package_descriptions.iteritems() %}\
34-* ${name}{% if len(description) > 0 %} - ${description}{% end %}
35+* ${name}{% if len(description) > 0 %} - ${sanitize(description)}{% end %}
36 {% end %}\
37 {% end %}\
38
39 ### Details
40
41-${description.strip()}
42+${sanitize(description)}
43
44 ## Update instructions
45
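Review bot: in the package list, `${name}` is still emitted raw while the description on the same line goes through `sanitize`; if package names come from the same source data, pass them through the macro as well. For the Details body, `sanitize(description)` rewrites every `<`, `>`, `"` and backslash in text that is then rendered as markdown, and markdown does not decode entities inside code spans or indented code blocks, so those characters would display there as literal `&lt;` or `&bsol;`. That may be related to the USN-288-1 rendering raised in review; a test render of an advisory containing quoted special characters would confirm it.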
