Browse Source

Escape special characters in HTML

master
Sven Slootweg 10 years ago
parent
commit
d7f1a35ba5
  1. 8
      render

8
render

@ -22,6 +22,9 @@ parser.add_argument('-a', dest='attachment_dir', action='store', default='attach
args = parser.parse_args()
options = vars(args)
def escape_html_chars(text):
return text.replace("&", "&amp;").replace('"', "&quot;").replace("<", "&lt;").replace(">", "&gt;")
if os.path.isfile(options['database']) == False:
print "Database file not found. Use the -d switch to specify a custom database path."
exit(1)
@ -41,6 +44,11 @@ except OSError:
for message_id, sender, recipient, subject, timestamp, textbody, htmlbody, sha1_hash in cursor.execute("SELECT * FROM emails"):
sender = escape_html_chars(sender)
recipient = escape_html_chars(recipient)
subject = escape_html_chars(subject)
message_id = escape_html_chars(message_id)
versions = {}
if textbody != "":

Loading…
Cancel
Save