Commits

Anonymous committed 3eec35b

Docs.

Files changed (4)

docs/_templates/index.html

   
 <p>WebHelpers is a wide variety of utility functions for web applications and
 other applications. It can be used with any web framework.  <strong>Version
-1.1</strong> was released 2009-08-09.  See <a href="whats_new.html">What's
+1.2</strong> was released 2010-08-XX.  See <a href="{{ pathto('whats_new') }}">What's
 New</a> for a list of changes and upgrading hints.  (The helpers
 deprecated in 0.6 are removed in 1.0, including the entire rails suite.)</p>
 
+<p><strong>Security update in version 1.2:</strong> addresses a potential XSS
+attack; all users are recommended to upgrade. More in
+<a href="{{ pathto('whats_new') }}">What's New</a>.</p>
+
 <p>WebHelpers includes the widely-used HTML tag builder with smart escaping and
 convenience functions for common tags such as form fields. The common builder
 ensures the tags are syntactically correct and prevent cross-site scripting
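Review bot: the `+1.2</strong>` line still carries the placeholder release date `2010-08-XX`, and the new security paragraph below it does not say what the XSS route actually is; fill in the real date before the release is tagged, and name the cause here the way the What's New entry in this same commit does (single quotes were not escaped), so a reader can judge exposure without clicking through. Something like `<p><strong>Security update in version 1.2:</strong> single quotes are now escaped, closing a potential XSS route; all users should upgrade.</p>` says the same thing more precisely than "addresses a potential XSS attack; all users are recommended to upgrade".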
 types, including a value counter and accumulator.  There are lists of country
 names, country codes, US states, Canadian provinces, and UK counties.</p>
 
-<p>WebHelpers is pure Python and has no dependencies.  However, a few
-helpers depend on 
+<p>WebHelpers itself depends only on MarkupSafe, which has an optional C
+speedup for HTML escaping. However, a few individual helpers depend on 
 <a href="http://routes.groovie.org/">Routes</a>, 
 <a href="http://python.org/pypi/Unidecode/">unidecode</a>, 
 <a href="http://pythonpaste.org/webob/">WebOb</a>, or
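Review bot: the rewritten paragraph states that WebHelpers itself now depends only on MarkupSafe, but nothing in this commit adds MarkupSafe to the package's install requirements; the only pin added is `MarkupSafe>=0.9.2` in the pip file described as being for building docs and running tests. Since `webhelpers/html/builder.py` now makes `literal` a subclass of `markupsafe.Markup` and `escape` an alias of `markupsafe.escape_silent`, the package cannot be imported without it, so setup.py should declare MarkupSafe with the same minimum version or a plain install of 1.2 will be missing a hard dependency.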

docs/whats_new.rst

 
 *webhelpers.html*: The HTML builder now uses Armin Ronacher's
 "MarkupSafe" package, which Mako and Pylons have also switched to.  MarkupSafe
-has a C speedup for escaping, escapes single-quotes for greater security, and
-adds new methods to ``literal``.
+has a C speedup for escaping, escapes single-quotes for greater security (to
+close a potential XSS attack route), and adds new methods to ``literal``.
 
 * **literal** is now a subclass of ``markupsafe.Markup``
 
 # Pip requirements to build WebHelpers documentation and run tests.
 
+MarkupSafe>=0.9.2
+
 # Required for tests
 Nose
 Routes
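Review bot: `MarkupSafe>=0.9.2` is added above the `# Required for tests` comment with no comment of its own, in a file whose header says it lists what is needed to build the documentation and run the tests, whereas MarkupSafe is now a runtime dependency of the package itself; add a one-line comment saying so (for example `# Runtime dependency of webhelpers.html, also declared in setup.py`). Also confirm that 0.9.2 is the first release that both escapes single quotes and provides `escape_silent`, since the builder docstring in this commit relies on the latter; if not, the floor here is too low.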

webhelpers/html/builder.py

 
 WebHelpers 1.2 uses MarkupSafe, a package which provides an enhanced
 implementation of this protocol. Mako and Pylons have also switched to
-MarkupSafe. MarkupSafe advantages are a C speedup for escaping,
+MarkupSafe. Its advantages are a C speedup for escaping,
 escaping single-quotes for security, and adding new methods to
 ``literal``. **literal** is now a subclass of ``markupsafe.Markup``.
 **escape** is ``markupsafe.escape_silent``. (The latter does not exist yet in
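Review bot: the docstring says `escape` is `markupsafe.escape_silent` and then begins to say that `escape_silent` "does not exist yet in" some version (the sentence is cut off here), which conflicts with `MarkupSafe>=0.9.2` being the only version pin in this commit unless 0.9.2 already ships it; either raise the requirement floor to the first release that has `escape_silent`, or finish the sentence by documenting the fallback the builder uses when the function is absent, so the docstring and the pin agree. The wording change from "MarkupSafe advantages are" to "Its advantages are" is fine as is.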