[rhmessaging-commits] rhmessaging commits: r3219 - mgmt/trunk/wooly/python/wooly.
rhmessaging-commits at lists.jboss.org
rhmessaging-commits at lists.jboss.org
Thu Mar 26 16:03:29 EDT 2009
Author: eallen
Date: 2009-03-26 16:03:29 -0400 (Thu, 26 Mar 2009)
New Revision: 3219
Modified:
mgmt/trunk/wooly/python/wooly/forms.py
Log:
Escape input field values. Avoids injection attacks
Modified: mgmt/trunk/wooly/python/wooly/forms.py
===================================================================
--- mgmt/trunk/wooly/python/wooly/forms.py 2009-03-26 19:52:23 UTC (rev 3218)
+++ mgmt/trunk/wooly/python/wooly/forms.py 2009-03-26 20:03:29 UTC (rev 3219)
@@ -1,7 +1,7 @@
from wooly import *
from parameters import *
from resources import *
-from widgets import ItemSet
+from widgets import ItemSet, escape_entity
strings = StringCatalog(__file__)
@@ -147,7 +147,7 @@
return self.param.path
def render_value(self, session, *args):
- return self.param.marshal(self.param.get(session))
+ return escape_entity(self.param.marshal(self.param.get(session)))
def render_tab_index(self, session, *args):
return self.tab_index
More information about the rhmessaging-commits
mailing list