From b720ac1157474b5a25171921fbadc944d8262c53 Mon Sep 17 00:00:00 2001
From: j <0x006A@0x2620.org>
Date: Sat, 1 Jun 2013 00:09:49 +0200
Subject: [PATCH] make sure titles are escaped in getData api

---
 oxdata/movie/models.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/oxdata/movie/models.py b/oxdata/movie/models.py
index 9ed0295..cd1c08e 100644
--- a/oxdata/movie/models.py
+++ b/oxdata/movie/models.py
@@ -142,6 +142,7 @@ class Imdb(models.Model):
             t = re.sub('<a href="(/title/.*?/)">(.*?)</a>', fix_titles, t)
 
             return t
+
         if 'trivia' in data:
             data['trivia'] = [fix_links(t) for t in data['trivia']]
 
@@ -167,11 +168,21 @@ class Imdb(models.Model):
             data['reviews'] = reviews
             if not data['reviews']:
                 del data['reviews']
-
         data['likes'] = self.info('likes')
         data['downloads'] = self.info('downloads')
         data['links'] = self.links()
         data['posters'] = self.posters(request)
+        if 'title' in data:
+            data['title'] = ox.sanitize_html(data['title'])
+        if 'alternativeTitles' in data:
+            for a in data['alternativeTitles']:
+                a[0] = ox.sanitize_html(a[0])
+        if 'connections' in data:
+            for type in data['connections']:
+                for c in data['connections'][type]:
+                    for key in ('title', 'description'):
+                        if key in c:
+                            c[key] = ox.sanitize_html(c[key])
         return data
     
     def info(self, key):