|
@@ -5,9 +5,11 @@ | |
# file, You can obtain one at http://mozilla.org/MPL/2.0/. | ||
|
||
import json | ||
import requests | ||
import re | ||
import urllib | ||
|
||
import requests | ||
|
||
from flask.ext.github import GitHubError | ||
from flask import flash | ||
from flask import g | ||
|
@@ -278,12 +280,21 @@ def cssfixme(): | |
|
||
url = request.args.get('url') | ||
escaped_csscode = '' | ||
req = None | ||
if url: | ||
req = requests.get(url) | ||
# Security precautions: we want to make sure we escape HTML tags. | ||
# (The code should end up in TEXTAREA so the main risk is actually | ||
# some attacker sneaking in a </TEXTAREA> tag..) | ||
escaped_csscode = req.text.replace('<', '<') | ||
try: | ||
req = requests.get(url) | ||
except requests.exceptions.MissingSchema, e: | ||
# Somebody gave us an URL not prefixed by http(s):// | ||
req = requests.get('http://{0}'.format(url)) | ||
except Exception,e: | ||
||
pass # If we can't load this URL, the TEXTAREA loads empty. No big deal. | ||
if req: | ||
# Security precautions: we want to make sure we escape HTML tags. | ||
# (The code should end up in TEXTAREA so the main risk is actually | ||
# some attacker sneaking in a </TEXTAREA> tag..) | ||
rx_textarea = re.compile('</textarea>', re.IGNORECASE) | ||
escaped_csscode = rx_textarea.sub('</textarea>', req.text) | ||
karlcow
Member
|
||
return render_template('cssfixme.html', escaped_csscode=escaped_csscode) | ||
|
||
|
||
|
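Review bot: The escape in `cssfixme()` now rewrites only the literal `</textarea>` sequence, where the previous line neutralised every `<`; HTML parsers also accept an end tag with whitespace before the `>`, so fetched content could still close the TEXTAREA and be parsed as markup if the template emits `escaped_csscode` unescaped (the template is not visible here). Keeping a full escape, e.g. `escaped_csscode = req.text.replace('&', '&amp;').replace('<', '&lt;')`, or passing `req.text` through Jinja's autoescaping, closes that gap. Separately, the fallback `requests.get('http://{0}'.format(url))` runs inside the `except` handler, so a failure there is not caught by the later `except Exception` clause and would surface as an unhandled error. Both fetches also take a caller-supplied URL with no `timeout=` and no restriction on the destination host, which lets a request point the server at internal addresses. The function body starts outside the hunk.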
syntax
Exception, e