From: Georgios Atheridis <georgios@atheridis.org>
Date: Fri, 31 Mar 2023 20:43:31 +0000 (+0100)
Subject: Escape HTML Characters
X-Git-Url: https://git.atheridis.org/?a=commitdiff_plain;p=personal%2Fsigma.git

Escape HTML Characters

When using {! !} to insert a value in the file, it now escapes special
HTML characters.
---

diff --git a/sigma b/sigma
index 076a777..a2618f8 100755
--- a/sigma
+++ b/sigma
@@ -29,6 +29,7 @@ import os
 import re
 import tomllib
 import time
+import html
 
 import markdown
 
@@ -206,13 +207,10 @@ def interpret_no_recursion(file_value: str, data: dict, namespace: tuple) -> str
         else:
             varspace = namespace + tuple(varspace)
         repl_value = str(get_value(data, varspace[:-1], varspace[-1], False))
+        repl_value = html.escape(repl_value)
         start_pos = variable.start() + len(repl_value)
         regex_variable_no_interpret.search(file_value, start_pos)
-        file_value = file_value.replace(
-            variable.group(0),
-            str(get_value(data, varspace[:-1], varspace[-1], False)),
-            1,
-        )
+        file_value = file_value.replace(variable.group(0), repl_value, 1)
     return file_value