From 1030425624b67b30073be512817661d45dceb93c Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Tue, 24 Jan 2023 11:42:16 +0300
Subject: correlations: Escape strings for html

Improves upon commit 63aff5ca22cfb5caaa38ac1d737afa48fc8dbf02
---
 wqflask/wqflask/correlation/show_corr_results.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/wqflask/wqflask/correlation/show_corr_results.py b/wqflask/wqflask/correlation/show_corr_results.py
index 825aac70..06db20c2 100644
--- a/wqflask/wqflask/correlation/show_corr_results.py
+++ b/wqflask/wqflask/correlation/show_corr_results.py
@@ -18,6 +18,7 @@
 #
 # This module is used by GeneNetwork project (www.genenetwork.org)
 
+import html
 import json
 
 from base.trait import create_trait, jsonable
@@ -203,7 +204,8 @@ def populate_table(dataset_metadata, target_dataset, this_dataset, corr_results,
             results_dict['mean'] = "N/A"
             results_dict['additive'] = "N/A"
             if target_trait['description'].strip():
-                results_dict['description'] = target_trait['description'].strip().replace("<", "<").replace(">", ">")
+                results_dict['description'] = html.escape(
+                    target_trait['description'].strip(), quote=True)
             if target_trait['mean']:
                 results_dict['mean'] = f"{float(target_trait['mean']):.3f}"
             try:
@@ -237,7 +239,8 @@ def populate_table(dataset_metadata, target_dataset, this_dataset, corr_results,
                 results_dict['abbreviation'] = target_trait['abbreviation']
 
             if target_trait["description"].strip():
-                results_dict['description'] = target_trait['description'].strip().replace("<", "<").replace(">", ">")
+                results_dict['description'] = html.escape(
+                    target_trait['description'].strip(), quote=True)
             if target_trait["mean"]:
                 results_dict['mean'] = f"{float(target_trait['mean']):.3f}"
 
-- 
cgit v1.2.3
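Review bot: `quote=True` on the new `html.escape` call is that function's default and can be dropped, `results_dict['description'] = html.escape(target_trait['description'].strip())`; the same applies to the identical change in the hunk at line 239. Because the strip-and-escape expression now appears twice in populate_table, a small module-level helper (for example `_escaped_description(trait)`) would keep the two branches from drifting apart again, which is how the earlier pair of `.replace` calls ended up duplicated. Whether escaping belongs at this layer depends on how the template consumes `results_dict`: if the field is rendered under Jinja autoescaping without `|safe`, the text is escaped twice, so that path is worth confirming. populate_table starts and ends outside this hunk.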
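Review bot: `results_dict['abbreviation'] = target_trait['abbreviation']`, the first context line of this hunk, passes the abbreviation through unescaped while the description taken from the same record is now escaped; if both fields reach the page by the same route, the abbreviation presumably needs the same treatment, `results_dict['abbreviation'] = html.escape(target_trait['abbreviation'])`, with a guard if that column can be empty or None. The other fields written into `results_dict` in this function are not visible here, so the same question applies to them. The enclosing populate_table starts and ends outside the hunk.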