Just a bit more paranoia in quoting comments, though I wasn't able to reproduce any actual issue

author: Ian Bicking <ianb@colorstudy.com> 2010-09-14 10:57:29 -0500
committer: Ian Bicking <ianb@colorstudy.com> 2010-09-14 10:57:29 -0500
commit: 2f43ca51972a0cfa19b8dfedb38aa1eca3d21d79 (patch)
tree: 4c553cbecc5a9a2d65d7738023be9fdd7b7a85e1 /paste/util
parent: f135179046751bd421eba341cc56da0c984dbea8 (diff)
download: paste-2f43ca51972a0cfa19b8dfedb38aa1eca3d21d79.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/paste/util/quoting.py b/paste/util/quoting.py
index 582cc40..6184752 100644
--- a/paste/util/quoting.py
+++ b/paste/util/quoting.py
@@ -77,11 +77,18 @@ def no_quote(s):
     return s
 
 _comment_quote_re = re.compile(r'\-\s*\>')
+# Everything but \r, \n, \t:
+_bad_chars_re = re.compile('[\x00-\x08\x0b-\x0c\x0e-\x1f]')
 def comment_quote(s):
     """
     Quote that makes sure text can't escape a comment
     """
-    return _comment_quote_re.sub('-&gt', str(s))
+    comment = str(s)
+    #comment = _bad_chars_re.sub('', comment)
+    #print 'in ', repr(str(s))
+    #print 'out', repr(comment)
+    comment = _comment_quote_re.sub('-&gt;', comment)
+    return comment
 
 url_quote = urllib.quote
 url_unquote = urllib.unquote
author	Ian Bicking <ianb@colorstudy.com>	2010-09-14 10:57:29 -0500
committer	Ian Bicking <ianb@colorstudy.com>	2010-09-14 10:57:29 -0500
commit	2f43ca51972a0cfa19b8dfedb38aa1eca3d21d79 (patch)
tree	4c553cbecc5a9a2d65d7738023be9fdd7b7a85e1 /paste/util
parent	f135179046751bd421eba341cc56da0c984dbea8 (diff)
download	paste-2f43ca51972a0cfa19b8dfedb38aa1eca3d21d79.tar.gz