From 8ee81d2ab903f98a29dc9d35061ab0dee042cc1f Mon Sep 17 00:00:00 2001
From: Walter Bender <walter@sugarlabs.org>
Date: Sat, 03 Jul 2010 11:17:51 +0000
Subject: using cgi escape as per Tim McNamara's patch

---
(limited to 'taexporthtml.py')

diff --git a/taexporthtml.py b/taexporthtml.py
index 5a0d163..47577f0 100644
--- a/taexporthtml.py
+++ b/taexporthtml.py
@@ -24,6 +24,7 @@ import gtk
 import os.path
 from tautils import data_to_string, save_picture, image_to_base64
 from gettext import gettext as _
+from cgi import escape
 
 def save_html(self, tw, embed_flag=True):
     """ Either: Save canvas and code or pictures to HTML """
@@ -114,7 +115,7 @@ def save_html(self, tw, embed_flag=True):
         code += (self.html_glue['img'][0] + imgdata + \
                  self.html_glue['img'][1])
         code += self.html_glue['div'][0]
-        code += data_to_string(tw.assemble_data_to_save(False, True))
+        code += escape(data_to_string(tw.assemble_data_to_save(False, True)))
         code += self.html_glue['div'][1]
 
     if tw.running_sugar:
--
cgit v0.9.1