Use Jinja2's autoescpae instead of bleach.clean()

methane · methane · commit 595bdc35249e · 2015-07-07T21:27:38.000+09:00
diff --git a/frameworks/Python/klein/app.py b/frameworks/Python/klein/app.py
@@ -1,23 +1,19 @@
 # -*- coding: utf-8 -*-
 
-import os
-import sys
-import json
-
-import bleach
-
-from random import randint
 from functools import partial
+import json
 from operator import attrgetter
-
-from klein import Klein, run, route
+import os
+from random import randint
+import sys
 
 from jinja2 import Environment, PackageLoader
-
-from sqlalchemy.ext.declarative import declarative_base
+from klein import Klein, run, route
 from sqlalchemy import create_engine, Column
-from sqlalchemy.types import String, Integer, Unicode
+from sqlalchemy.ext.declarative import declarative_base
 from sqlalchemy.orm import sessionmaker
+from sqlalchemy.types import String, Integer, Unicode
+
 
 if sys.version_info[0] == 3:
     xrange = range
@@ -31,7 +27,7 @@
 Session = sessionmaker(bind=db_engine)
 db_session = Session()
 
-env = Environment(loader=PackageLoader("app", "templates"))
+env = Environment(loader=PackageLoader("app", "templates"), autoescape=True, auto_reload=False)
 
 app = Klein()
 
@@ -114,8 +110,6 @@ def fortune(request):
 	fortunes = db_session.query(Fortune).all()
 	fortunes.append(Fortune(id=0, message="Additional fortune added at request time."))
 	fortunes.sort(key=attrgetter("message"))
-	for f in fortunes:
-		f.message = bleach.clean(f.message)
 	template = env.get_template("fortunes.html")
 	return template.render(fortunes=fortunes)
 
diff --git a/frameworks/Python/klein/requirements.txt b/frameworks/Python/klein/requirements.txt
@@ -1,6 +1,5 @@
 klein==15.0.0
 
-bleach==1.4.1
 mysqlclient==1.3.6
 SQLAlchemy==1.0.4
 jinja2==2.7.3
diff --git a/frameworks/Python/turbogears/app.py b/frameworks/Python/turbogears/app.py
@@ -1,22 +1,19 @@
-import os
-import sys
-import json
 from functools import partial
 from operator import attrgetter
+import os
 from random import randint
-
-import bleach
-
-from tg import expose, TGController, AppConfig
+import sys
+import json
 
 from jinja2 import Environment, PackageLoader
-
-from sqlalchemy.orm import scoped_session, sessionmaker
 from sqlalchemy import create_engine
+from sqlalchemy.orm import scoped_session, sessionmaker
+from tg import expose, TGController, AppConfig
 
 from models.Fortune import Fortune
 from models.World import World
 
+
 DBDRIVER = 'mysql'
 DBHOSTNAME = os.environ.get('DBHOST', 'localhost')
 DATABASE_URI = '%s://benchmarkdbuser:benchmarkdbpass@%s:3306/hello_world?charset=utf8' % (DBDRIVER, DBHOSTNAME)
@@ -25,7 +22,7 @@
 Session = sessionmaker(bind=db_engine)
 db_session = Session()
 
-env = Environment(loader=PackageLoader("app", "templates"))
+env = Environment(loader=PackageLoader("app", "templates"), autoescape=True, auto_reload=False)
 
 def getQueryNum(queryString):
     try:
@@ -76,14 +73,11 @@ def queries(self, queries=1):
         worlds = [get(rp()).serialize() for _ in xrange(num_queries)]
         return json.dumps(worlds)
 
-
     @expose()
     def fortune(self):
         fortunes = db_session.query(Fortune).all()
         fortunes.append(Fortune(id=0, message="Additional fortune added at request time."))
         fortunes.sort(key=attrgetter("message"))
-        for f in fortunes:
-            f.message = bleach.clean(f.message)
         template = env.get_template("fortunes.html")
         return template.render(fortunes=fortunes)
 
diff --git a/frameworks/Python/turbogears/requirements.txt b/frameworks/Python/turbogears/requirements.txt
@@ -1,7 +1,5 @@
 tg.devtools==2.3.5
 
-bleach==1.4.1
-
 SQLAlchemy==1.0.4
 zope.sqlalchemy==0.7.6
 mysqlclient==1.3.6
