authorColin Cross <ccross@android.com>2016-05-20 22:24:56 (GMT)
committerColin Cross <ccross@android.com>2016-05-27 19:50:11 (GMT)
commit8aeb91ebb12057b34b60084311ef4c790311559f (patch)
tree0d546b4f770ecad56d1bab66bbec44870fb5e43a
parent63a8584b069a32b871237fc80dcb4c397b863ef7 (diff)
Escape ninja output inserted into HTML
Ninja query or error output may contain characters that need to be escaped when being inserted into HTML. Replace &, ", <, and > with their HTML entity equivalents.
-rwxr-xr-xsrc/browse.py16
1 files changed, 10 insertions, 6 deletions
diff --git a/src/browse.py b/src/browse.py
index 32792f3..4b4faa8 100755
--- a/src/browse.py
+++ b/src/browse.py
@@ -27,6 +27,7 @@ try:
except ImportError:
import BaseHTTPServer as httpserver
import argparse
+import cgi
import os
import socket
import subprocess
@@ -58,6 +59,9 @@ def match_strip(line, prefix):
return (False, line)
return (True, line[len(prefix):])
+def html_escape(text):
+ return cgi.escape(text, quote=True)
+
def parse(text):
lines = iter(text.split('\n'))
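Review bot: `cgi.escape`, which the new `html_escape` calls, was deprecated in Python 3.2 and removed in 3.8, so on a current Python 3 interpreter every rendered page would raise AttributeError; the `import cgi` added in the first hunk fails outright on 3.13, where the `cgi` module itself is gone. The context lines of the first hunk show an `except ImportError:` fallback to `BaseHTTPServer`, so the file appears to target both Python 2 and 3, and the same pattern fits here: prefer `html.escape` and fall back to `cgi.escape` only when it is missing. `html.escape(text, quote=True)` also escapes the single quote, which is harmless for the double-quoted attributes this page emits. A one-line docstring stating that the result is safe for element text and for quoted attribute values would also help later callers.

```python
try:
    from html import escape as _escape  # Python 3.2+
except ImportError:
    from cgi import escape as _escape  # Python 2 fallback

def html_escape(text):
    return _escape(text, quote=True)
```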
@@ -124,19 +128,19 @@ tt {
''' + body
def generate_html(node):
- document = ['<h1><tt>%s</tt></h1>' % node.target]
+ document = ['<h1><tt>%s</tt></h1>' % html_escape(node.target)]
if node.inputs:
document.append('<h2>target is built using rule <tt>%s</tt> of</h2>' %
- node.rule)
+ html_escape(node.rule))
if len(node.inputs) > 0:
document.append('<div class=filelist>')
for input, type in sorted(node.inputs):
extra = ''
if type:
- extra = ' (%s)' % type
+ extra = ' (%s)' % html_escape(type)
document.append('<tt><a href="?%s">%s</a>%s</tt><br>' %
- (input, input, extra))
+ (html_escape(input), html_escape(input), extra))
document.append('</div>')
if node.outputs:
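Review bot: The `href="?%s"` value for each input link is HTML-escaped but not percent-encoded, so a target name containing `#`, `%`, `+` or a space gives markup that is safe but a link that may not round-trip to the same target (a `#` would start a fragment, for example). How the request handler decodes the query is outside this hunk, so this should be checked against it. If the two need to agree, percent-encode first and then escape, e.g. `html_escape(quote(input))` with `quote` taken from `urllib.parse` on Python 3 or `urllib` on Python 2, keeping `html_escape(input)` for the visible link text. The output links in the next hunk have the same shape and would need the same change; generate_html continues past the end of this hunk.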
@@ -144,7 +148,7 @@ def generate_html(node):
document.append('<div class=filelist>')
for output in sorted(node.outputs):
document.append('<tt><a href="?%s">%s</a></tt><br>' %
- (output, output))
+ (html_escape(output), html_escape(output)))
document.append('</div>')
return '\n'.join(document)
@@ -177,7 +181,7 @@ class RequestHandler(httpserver.BaseHTTPRequestHandler):
page_body = generate_html(parse(ninja_output.strip()))
else:
# Relay ninja's error message.
- page_body = '<h1><tt>%s</tt></h1>' % ninja_error
+ page_body = '<h1><tt>%s</tt></h1>' % html_escape(ninja_error)
self.send_response(200)
self.end_headers()