Escape HTML entities in comments

2025-07-09 03:04:10 -04:00 · 2019-08-10 21:09:03 -05:00 · 2019-08-10 21:09:03 -05:00 · a81ff78c0a
commit a81ff78c0a
parent 8cbaa3a9e2
1 changed files with 7 additions and 1 deletions
--- a/src/calibre/ebooks/metadata/html.py
+++ b/src/calibre/ebooks/metadata/html.py
@ -176,7 +176,7 @@ def get_metadata_(src, encoding=None):
    mi = Metadata(title, string_to_authors(authors))

    # Single-value text fields
-    for field in ('publisher', 'isbn', 'comments'):
+    for field in ('publisher', 'isbn'):
        val = get(field)
        if val:
            setattr(mi, field, val)
@ -187,6 +187,12 @@ def get_metadata_(src, encoding=None):
        if val:
            setattr(mi, field, val)

+    # HTML fields
+    for field in ('comments',):
+        val = get(field)
+        if val:
+            setattr(mi, field, val.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&apos;'))
+
    # Date fields
    for field in ('pubdate', 'timestamp'):
        try: