bugfix: trying to fix the cross-site-scripting vulnerability

freedomsponsors · Sep 5, 2012 · 1c35ec6 · 1c35ec6
1 parent 98b0057
commit 1c35ec6
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/djangoproject/core/formattingutils.py b/djangoproject/core/formattingutils.py
@@ -6,15 +6,17 @@
 
 class HighlighterRenderer(HtmlRenderer, SmartyPants):
     def block_code(self, text, lang):
+        s = ''
         if not lang:
-            return '\n<pre><code>%s</code></pre>\n' % text.strip()
+            lang = 'text'
         try:
             lexer = get_lexer_by_name(lang, stripall=True)
         except:
-            return '<div class="highlight"><span class="err">Error: language "%s" is not supported</span></div>' % lang + \
-                '\n<pre><code>%s</code></pre>\n' % text.strip()
+            s += '<div class="highlight"><span class="err">Error: language "%s" is not supported</span></div>' % lang
+            lexer = get_lexer_by_name('text', stripall=True)
         formatter = HtmlFormatter()
-        return highlight(text, lexer, formatter)
+        s += highlight(text, lexer, formatter)
+        return s
 
     def table(self, header, body):
         return '<table class="table">\n'+header+'\n'+body+'\n</table>'