using cgi escape as per Tim McNamara's patch

author: Walter Bender <walter@sugarlabs.org> 2010-07-03 11:17:51 (GMT)
committer: Walter Bender <walter@sugarlabs.org> 2010-07-03 11:17:51 (GMT)
commit: 8ee81d2ab903f98a29dc9d35061ab0dee042cc1f (patch)
tree: 036cb3f7de6abfb5d998b7892cad1b2fa16be482 /taexporthtml.py
parent: 6d77dc2ed50f8b4f6b436473fd7474dc50994ae4 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/taexporthtml.py b/taexporthtml.py
index 5a0d163..47577f0 100644
--- a/taexporthtml.py
+++ b/taexporthtml.py
@@ -24,6 +24,7 @@ import gtk
 import os.path
 from tautils import data_to_string, save_picture, image_to_base64
 from gettext import gettext as _
+from cgi import escape
 
 def save_html(self, tw, embed_flag=True):
     """ Either: Save canvas and code or pictures to HTML """
@@ -114,7 +115,7 @@ def save_html(self, tw, embed_flag=True):
         code += (self.html_glue['img'][0] + imgdata + \
                  self.html_glue['img'][1])
         code += self.html_glue['div'][0]
-        code += data_to_string(tw.assemble_data_to_save(False, True))
+        code += escape(data_to_string(tw.assemble_data_to_save(False, True)))
         code += self.html_glue['div'][1]
 
     if tw.running_sugar:
author	Walter Bender <walter@sugarlabs.org>	2010-07-03 11:17:51 (GMT)
committer	Walter Bender <walter@sugarlabs.org>	2010-07-03 11:17:51 (GMT)
commit	8ee81d2ab903f98a29dc9d35061ab0dee042cc1f (patch)
tree	036cb3f7de6abfb5d998b7892cad1b2fa16be482 /taexporthtml.py
parent	6d77dc2ed50f8b4f6b436473fd7474dc50994ae4 (diff)