commit: ef2ef7974ab9bf55c5193a30544f71d8ca04f7b0
parent: 7e1f27e45924147cc2219ddb9299460f202b206b
Author: Adam Tauber <asciimoo@gmail.com>
Date: Fri, 9 Dec 2016 19:10:33 +0100
[enh] central html escaping of results
Diffstat:
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/searx/webapp.py b/searx/webapp.py
@@ -40,7 +40,7 @@ except:
logger.critical("cannot import dependency: pygments")
from sys import exit
exit(1)
-
+from cgi import escape
from datetime import datetime, timedelta
from urllib import urlencode
from urlparse import urlparse, urljoin
@@ -433,8 +433,9 @@ def index():
for result in results:
if output_format == 'html':
if 'content' in result and result['content']:
- result['content'] = highlight_content(result['content'][:1024], search_query.query.encode('utf-8'))
- result['title'] = highlight_content(result['title'], search_query.query.encode('utf-8'))
+ result['content'] = highlight_content(escape(result['content'][:1024]),
+ search_query.query.encode('utf-8'))
+ result['title'] = highlight_content(escape(result['title']), search_query.query.encode('utf-8'))
else:
if result.get('content'):
result['content'] = html_to_text(result['content']).strip()
