Comments (6)
This should be happening at the template processing level...you shouldn't need to wrap every variable inside the template.
from webpy.
What do you mean when you say "at processing level"? Do you mean filtering? This doesn't happen, at least to me.
from webpy.
Then it sounds like that's the bug... Does filtering not work for you at all or only on error pages?
from webpy.
I reproduced it in a minimal environment. While the application I'm writing should run on Google App Engine, I moved djangoerror_t into a template and replaced the following lines:
    global djangoerror_r
    if djangoerror_r is None:
        djangoerror_r = Template(djangoerror_t, filename=__file__, filter=websafe)
with:
    global djangoerror_r
    if djangoerror_r is None:
        djangoerror_r = render('templates').debugerror
and actually the error is raised only in a modified version. So I tried a minimal example and it seems that variables loaded from templates are not escaped. Here is the code:
    import web
    from google.appengine.ext.webapp.util import run_wsgi_app
    web.config['debug'] = True
    urls = (
        '/', 'index',
        '/error', 'error'
    )
    app = web.application(urls, globals())
    # Templates are loaded from the 'templates' directory
    render = web.template.render('templates')
    class index:
        def GET(self):
            # '<marco>' should come back HTML-escaped in the response
            return render.index('<marco>')
    class error:
        def GET(self):
            return render.error()
    def main():
        # Run the web.py application as a WSGI app on App Engine
        application = app.wsgifunc()
        run_wsgi_app(application)
    if __name__ == '__main__':
        main()
and the template:
    $def with (who)
    hello $who
from webpy.
I found the bug. The problem arises in compiled templates used by App Engine. By default variables are escaped by the escape_ func, which is a CompiledTemplate method but of a dummy object. This template doesn't have an associated file and as a result, in template.py:866, the associated filter is None. I hope I was clear.
PS. Which is the preferred/official bug tracker? This one or the Launchpad one?
from webpy.
Fixed escaping issue on GAE. closed by 84205cf.
from webpy.
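The failure mode discussed in this thread, as an added example that is not web.py's code or part of the original comments: a simplified model in which the escape filter is chosen from the template's file extension (an assumption of the model), plus a probe check that flags any renderer returning `<marco>` unescaped. `ModelTemplate`, `escapes_probe`, `check_all` and `fail_closed` are hypothetical names.

```python
import html
import os

# Simplified model, not web.py's implementation. Assumption: the escape filter
# is picked from the template's file extension, so a template object with no
# associated file ends up with filter=None and escape_ passes values through.
FILTERS = {".html": html.escape, ".xhtml": html.escape, ".xml": html.escape}

PROBE = "<marco>"  # same probe value as the repro in the thread


class ModelTemplate:
    def __init__(self, text, filename=None, filter=None, fail_closed=False):
        ext = os.path.splitext(filename or "")[1]
        self.filter = filter or FILTERS.get(ext)
        if self.filter is None and fail_closed:
            # Hardened variant: never render HTML without an escape filter.
            self.filter = html.escape
        self.text = text

    def escape_(self, value):
        # With filter=None the value is emitted verbatim (the reported bug).
        return self.filter(str(value)) if self.filter else str(value)

    def __call__(self, who):
        return self.text.replace("$who", self.escape_(who))


def escapes_probe(render_fn):
    """Return True only if render_fn emits the probe HTML-escaped."""
    out = str(render_fn(PROBE))
    return PROBE not in out and html.escape(PROBE) in out


def check_all():
    """Run the probe against the three constructed cases."""
    text = "hello $who"
    return {
        "file-backed": escapes_probe(ModelTemplate(text, "templates/index.html")),
        "no-file": escapes_probe(ModelTemplate(text)),
        "no-file-fail-closed": escapes_probe(ModelTemplate(text, fail_closed=True)),
    }


if __name__ == "__main__":
    for case, ok in check_all().items():
        print(case, "escaped" if ok else "NOT ESCAPED")
```

`escapes_probe` accepts any callable that takes one value, so the same check can be run against `render.index` from the repro as a regression test on each deployment target.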