From b720ac1157474b5a25171921fbadc944d8262c53 Mon Sep 17 00:00:00 2001 From: j <0x006A@0x2620.org> Date: Sat, 1 Jun 2013 00:09:49 +0200 Subject: [PATCH] make sure titles are escaped in getData api --- oxdata/movie/models.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/oxdata/movie/models.py b/oxdata/movie/models.py index 9ed0295..cd1c08e 100644 --- a/oxdata/movie/models.py +++ b/oxdata/movie/models.py @@ -142,6 +142,7 @@ class Imdb(models.Model): t = re.sub('(.*?)', fix_titles, t) return t + if 'trivia' in data: data['trivia'] = [fix_links(t) for t in data['trivia']] @@ -167,11 +168,21 @@ class Imdb(models.Model): data['reviews'] = reviews if not data['reviews']: del data['reviews'] - data['likes'] = self.info('likes') data['downloads'] = self.info('downloads') data['links'] = self.links() data['posters'] = self.posters(request) + if 'title' in data: + data['title'] = ox.sanitize_html(data['title']) + if 'alternativeTitles' in data: + for a in data['alternativeTitles']: + a[0] = ox.sanitize_html(a[0]) + if 'connections' in data: + for type in data['connections']: + for c in data['connections'][type]: + for key in ('title', 'description'): + if key in c: + c[key] = ox.sanitize_html(c[key]) return data def info(self, key):