Change XSS defense method
authorhiro
Thu, 21 Oct 2010 01:17:29 +0900
changeset 23 d6c6049b1699
parent 22 ef771cbc53f1
child 24 5006808e03f9
Change XSS defense method
src/unicorn_ui.py
--- a/src/unicorn_ui.py	Thu Oct 21 00:58:13 2010 +0900
+++ b/src/unicorn_ui.py	Thu Oct 21 01:17:29 2010 +0900
@@ -20,6 +20,7 @@
 import cgi
 import nbhttp
 import logging
+import urllib
 from string import Template
 
 __date__ = "Jun 30, 2010"
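Review bot: `import urllib` is added here, but neither of the other two hunks in this changeset uses it — the new code calls only `cgi.escape`. If nothing outside the visible hunks references `urllib`, the import is dead and should be dropped; if it is for a follow-up change, a comment such as `# used by ... (TODO)` next to it would stop the next reader from guessing.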
@@ -165,11 +166,7 @@
             if len(q) == 2:
                 if q[0] == "ca_uri":
                     uri = q[1]
-                    # avoid xss
-                    xs_dict = {r'"':'&quat;', r'<':'&lt', r'>':'&gt', r'&':'&amp;'}
-                    for str in xs_dict.keys():
-                        uri = re.sub(str, xs_dict[str], uri)
-                    test_uri = uri
+                    test_uri = cgi.escape(uri, True) 
                 if q[0] == "output":
                     if q[1] == "ucn":
                         run_engine = True
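Review bot: The new `test_uri = cgi.escape(uri, True)` HTML-escapes the value at input time, but `test_uri` is the URI the application goes on to fetch (the last hunk passes the same escaped value straight into `UnicornUi(test_uri)`), so a query string containing `&` is rewritten to `&amp;` and the request is made for a different resource than the user supplied; the escape belongs at the point where the value is substituted into the HTML template, with the raw URI kept for the fetch. Note also that `cgi.escape(..., True)` escapes `"` but not `'`, so if the template ever places the value inside a single-quoted attribute the defence does not hold — a comment like `# cgi.escape does not escape "'"; only use this value in double-quoted attributes or text` would record that limit. The same input-time escaping appears in `standalone_main` in the last hunk. The enclosing function of this hunk starts and ends outside the hunk, so where `test_uri` is rendered cannot be seen here; the trailing whitespace after `True)` on the added line should also go.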
@@ -207,6 +204,7 @@
     return [result]
 
 def standalone_main(test_uri):
+    test_uri = cgi.escape(test_uri, True) 
     red = UnicornUi(test_uri) 
     print red.get_result()