API debug: properly escape non-highlighted code

Sarah Hoffmann
2024-02-16 17:27:28 +01:00
parent ca6e65fff1
commit 4aba36c5ac


@@ -13,6 +13,7 @@ import datetime as dt
import textwrap import textwrap
import io import io
import re import re
import html
import sqlalchemy as sa import sqlalchemy as sa
from sqlalchemy.ext.asyncio import AsyncConnection from sqlalchemy.ext.asyncio import AsyncConnection
@@ -227,7 +228,7 @@ class HTMLLogger(BaseLogger):
HtmlFormatter(nowrap=True, lineseparator='<br />')) HtmlFormatter(nowrap=True, lineseparator='<br />'))
self._write(f'<div class="highlight"><code class="lang-sql">{sqlstr}</code></div>') self._write(f'<div class="highlight"><code class="lang-sql">{sqlstr}</code></div>')
else: else:
self._write(f'<code class="lang-sql">{sqlstr}</code>') self._write(f'<code class="lang-sql">{html.escape(sqlstr)}</code>')
def _python_var(self, var: Any) -> str: def _python_var(self, var: Any) -> str:
@@ -235,7 +236,7 @@ class HTMLLogger(BaseLogger):
fmt = highlight(str(var), PythonLexer(), HtmlFormatter(nowrap=True)) fmt = highlight(str(var), PythonLexer(), HtmlFormatter(nowrap=True))
return f'<div class="highlight"><code class="lang-python">{fmt}</code></div>' return f'<div class="highlight"><code class="lang-python">{fmt}</code></div>'
return f'<code class="lang-python">{str(var)}</code>' return f'<code class="lang-python">{html.escape(str(var))}</code>'
def _write(self, text: str) -> None: def _write(self, text: str) -> None:
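Review bot: The SQL writer and `_python_var` now look asymmetric, because the plain fallback calls `html.escape` while the highlighted branch still interpolates `sqlstr` / `fmt` raw, and nothing in the code says why that is safe. Pygments' `HtmlFormatter` escapes the text it emits, so the highlighted path is fine, but a one-line comment such as `# highlight() output is already HTML-escaped; the plain fallback must escape itself` would keep a later edit from dropping or doubling the escape. These dumps presumably carry request-derived text, so a regression test that renders a value containing `<` and `&` with highlighting unavailable would pin the fix; no test is visible in this commit. Both functions start outside the hunks and other callers of `_write` are not shown, so whether they interpolate unescaped values needs a separate check.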