Georg Brandl avatar Georg Brandl committed 8e8e7aa

Escape all strings put into the Qt help XML files.


Files changed (1)

sphinx/builders/qthelp.py

 
 import os
 import re
-import cgi
 import codecs
 import posixpath
 from os import path
+from cgi import escape
 
 from docutils import nodes
 
 <?xml version="1.0" encoding="utf-8" ?>
 <QHelpCollectionProject version="1.0">
     <assistant>
-        <title>%(project)s %(version)s</title>
+        <title>%(title)s</title>
         <homePage>%(homepage)s</homePage>
         <startPage>%(startpage)s</startPage>
     </assistant>
                 if (resourcedir and not fn.endswith('.js')) or \
                        fn.endswith('.html'):
                     filename = path.join(root, fn)[olen:]
-                    #filename = filename.replace(os.sep, '\\') # XXX
-                    projectfiles.append(file_template % {'filename': filename})
+                    projectfiles.append(file_template %
+                                        {'filename': escape(filename)})
         projectfiles = '\n'.join(projectfiles)
 
         # it seems that the "namespace" may not contain non-alphanumeric
         # write the project file
         f = codecs.open(path.join(outdir, outname+'.qhp'), 'w', 'utf-8')
         try:
-            f.write(project_template % {'outname': outname,
-                                        'title': self.config.html_title,
-                                        'version': self.config.version,
-                                        'project': self.config.project,
-                                        'namespace': nspace,
-                                        'masterdoc': self.config.master_doc,
-                                        'sections': sections,
-                                        'keywords': keywords,
-                                        'files': projectfiles})
+            f.write(project_template % {
+                'outname': escape(outname),
+                'title': escape(self.config.html_title),
+                'version': escape(self.config.version),
+                'project': escape(self.config.project),
+                'namespace': escape(nspace),
+                'masterdoc': escape(self.config.master_doc),
+                'sections': sections,
+                'keywords': keywords,
+                'files': projectfiles})
         finally:
             f.close()
 
         self.info('writing collection project file...')
         f = codecs.open(path.join(outdir, outname+'.qhcp'), 'w', 'utf-8')
         try:
-            f.write(collection_template % {'outname': outname,
-                                           'project': self.config.project,
-                                           'version': self.config.version,
-                                           'homepage': homepage,
-                                           'startpage': startpage})
+            f.write(collection_template % {
+                'outname': escape(outname),
+                'title': escape(self.config.html_short_title),
+                'homepage': escape(homepage),
+                'startpage': escape(startpage)})
         finally:
             f.close()
 
         if self.isdocnode(node):
             refnode = node.children[0][0]
             link = refnode['refuri']
-            title = cgi.escape(refnode.astext()).replace('"','&quot;')
+            title = escape(refnode.astext()).replace('"','&quot;')
             item = '<section title="%(title)s" ref="%(ref)s">' % {
                                                                 'title': title,
                                                                 'ref': link}
                 parts.extend(self.write_toc(subnode, indentlevel))
         elif isinstance(node, nodes.reference):
             link = node['refuri']
-            title = cgi.escape(node.astext()).replace('"','&quot;')
+            title = escape(node.astext()).replace('"','&quot;')
             item = section_template % {'title': title, 'ref': link}
             item = ' '*4*indentlevel + item.encode('ascii', 'xmlcharrefreplace')
             parts.append(item.encode('ascii', 'xmlcharrefreplace'))
     def build_keywords(self, title, refs, subitems):
         keywords = []
 
-        title = cgi.escape(title)
+        title = escape(title)
 #        if len(refs) == 0: # XXX
 #            write_param('See Also', title)
         if len(refs) == 1:
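Review bot: The `ref` attribute is still built from the unescaped `link` in both TOC branches (`'ref': link` under `isdocnode` and under `nodes.reference`), so a `refuri` containing `&`, `<` or `"` would still yield a malformed .qhp despite the commit's stated goal of escaping every string. `cgi.escape` leaves double quotes untouched unless its second argument is true, so attribute values need the quoting form: `link = escape(refnode['refuri'], True)` and `link = escape(node['refuri'], True)`. The same form on the title lines would make the manual `.replace('"','&quot;')` unnecessary. The templates are only partly shown, so it is not visible whether `outname`, `namespace` or `filename` land in attribute positions; if any do, they need the quoting form too. The enclosing method (apparently `write_toc`, judging by the recursive call) begins and ends outside the visible lines.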