diff options
author | Nicholas Car <nicholas.car@surroundaustralia.com> | 2020-12-27 21:08:09 +1000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-27 21:08:09 +1000 |
commit | b557dca5c26b7d9b21f1d9d897289c01e8376511 (patch) | |
tree | 3ba68bf651f2f3b28d2695d9f5abc07a7ad9ed58 | |
parent | 43cc004272f266c3fe78a35fccda215d78f643f6 (diff) | |
parent | 1ee96eb1b0c1cee67a1414a6a4055fe36036a67d (diff) | |
download | rdflib-b557dca5c26b7d9b21f1d9d897289c01e8376511.tar.gz |
Merge pull request #1209 from blake-regalia/fix/rdf2dot-ampersand-escape
rd2dot Escape HTML in node label and URI text
-rw-r--r-- | rdflib/tools/rdf2dot.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/rdflib/tools/rdf2dot.py b/rdflib/tools/rdf2dot.py index 37c8f784..1e202d40 100644 --- a/rdflib/tools/rdf2dot.py +++ b/rdflib/tools/rdf2dot.py @@ -153,7 +153,7 @@ def rdf2dot(g, stream, opts={}): + "<font point-size='10' color='#6666ff'>%s</font></td>" + "</tr>%s</table> > ] \n" ) - stream.write(opstr % (n, NODECOLOR, label(u, g), u, u, "".join(f))) + stream.write(opstr % (n, NODECOLOR, html.escape(label(u, g)), u, html.escape(u), "".join(f))) stream.write("}\n") |