make sure titles are escaped in getData api

2013-06-01 00:09:49 +02:00 · 2013-06-01 00:09:49 +02:00 · b720ac1157
parent 55ddd65c7e
commit b720ac1157
1 changed files with 12 additions and 1 deletions
--- a/oxdata/movie/models.py
+++ b/oxdata/movie/models.py
@ -142,6 +142,7 @@ class Imdb(models.Model):
            t = re.sub('<a href="(/title/.*?/)">(.*?)</a>', fix_titles, t)

            return t
+
        if 'trivia' in data:
            data['trivia'] = [fix_links(t) for t in data['trivia']]

@ -167,11 +168,21 @@ class Imdb(models.Model):
            data['reviews'] = reviews
            if not data['reviews']:
                del data['reviews']
-
        data['likes'] = self.info('likes')
        data['downloads'] = self.info('downloads')
        data['links'] = self.links()
        data['posters'] = self.posters(request)
+        if 'title' in data:
+            data['title'] = ox.sanitize_html(data['title'])
+        if 'alternativeTitles' in data:
+            for a in data['alternativeTitles']:
+                a[0] = ox.sanitize_html(a[0])
+        if 'connections' in data:
+            for type in data['connections']:
+                for c in data['connections'][type]:
+                    for key in ('title', 'description'):
+                        if key in c:
+                            c[key] = ox.sanitize_html(c[key])
        return data
    
    def info(self, key):