Skip to content

Commit

Permalink
Check input type before escaping
Browse files Browse the repository at this point in the history
  • Loading branch information
@martinRenou @SylvainCorlay
martinRenou authored and SylvainCorlay committed Aug 9, 2022
1 parent b206470 commit 0818628
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion nbconvert/exporters/templateexporter.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,13 @@
)


def escape_html(s, quote=True):
if not isinstance(s, str):
return s
else:
return html.escape(s)


default_filters = {
"indent": filters.indent,
"markdown2html": filters.markdown2html,
Expand Down Expand Up @@ -71,7 +78,7 @@
"convert_pandoc": filters.convert_pandoc,
"json_dumps": json.dumps,
# For removing any HTML
"escape_html": html.escape,
"escape_html": escape_html,
# For sanitizing HTML for any XSS
"clean_html": clean_html,
"strip_trailing_newline": filters.strip_trailing_newline,
Expand Down

0 comments on commit 0818628

Please sign in to comment.