Fix XSS attacks as reported by Tim Wintle

author: Ian Bicking <ianb@colorstudy.com> 2010-06-15 12:30:05 -0500
committer: Ian Bicking <ianb@colorstudy.com> 2010-06-15 12:30:05 -0500
commit: bde24c75563bee1f86eec96ec2bd9adac5b71e29 (patch)
tree: f9218976db1cfeccafb04a91fa75864aa2b7de2e /paste/util
parent: 15e51654e469e87a6974e46969e8ec1295937f96 (diff)
download: paste-bde24c75563bee1f86eec96ec2bd9adac5b71e29.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/paste/util/quoting.py b/paste/util/quoting.py
index b596d7f..582cc40 100644
--- a/paste/util/quoting.py
+++ b/paste/util/quoting.py
@@ -76,6 +76,13 @@ def no_quote(s):
     """
     return s
 
+_comment_quote_re = re.compile(r'\-\s*\>')
+def comment_quote(s):
+    """
+    Quote that makes sure text can't escape a comment
+    """
+    return _comment_quote_re.sub('-&gt', str(s))
+
 url_quote = urllib.quote
 url_unquote = urllib.unquote
author	Ian Bicking <ianb@colorstudy.com>	2010-06-15 12:30:05 -0500
committer	Ian Bicking <ianb@colorstudy.com>	2010-06-15 12:30:05 -0500
commit	bde24c75563bee1f86eec96ec2bd9adac5b71e29 (patch)
tree	f9218976db1cfeccafb04a91fa75864aa2b7de2e /paste/util
parent	15e51654e469e87a6974e46969e8ec1295937f96 (diff)
download	paste-bde24c75563bee1f86eec96ec2bd9adac5b71e29.tar.gz