Escape HTML Characters

When using {! !} to insert a value in the file, it now escapes special
HTML characters.

diff --git a/sigma b/sigma
index 076a777e0846923c39172a76b6a9a4a89885c2e9..a2618f8431b56871f6bda1514d726666b3b5353d 100755 (executable)
--- a/sigma
+++ b/sigma
@@ -29,6 +29,7 @@ import os
 import re
 import tomllib
 import time
 import re
 import tomllib
 import time

+import html

 
 import markdown
 
 
 import markdown
 


@@ -206,13 +207,10 @@ def interpret_no_recursion(file_value: str, data: dict, namespace: tuple) -> str
         else:
             varspace = namespace + tuple(varspace)
         repl_value = str(get_value(data, varspace[:-1], varspace[-1], False))
         else:
             varspace = namespace + tuple(varspace)
         repl_value = str(get_value(data, varspace[:-1], varspace[-1], False))

+        repl_value = html.escape(repl_value)

         start_pos = variable.start() + len(repl_value)
         regex_variable_no_interpret.search(file_value, start_pos)
         start_pos = variable.start() + len(repl_value)
         regex_variable_no_interpret.search(file_value, start_pos)

-        file_value = file_value.replace(
-            variable.group(0),
-            str(get_value(data, varspace[:-1], varspace[-1], False)),
-            1,
-        )
+        file_value = file_value.replace(variable.group(0), repl_value, 1)

     return file_value
 
 
     return file_value