Cutlery/calibre
1
0
Fork 0
mirror of https://github.com/kovidgoyal/calibre.git synced 2025-07-09 03:04:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

Conversion/Book polishing: Fix ampersands in title/series/publisher/author not being properly escaped. Fixes #1393230 [[Jacket] Ampersands in title/authors/series not parsed](https://bugs.launchpad.net/calibre/+bug/1393230)

Browse Source
This commit is contained in:
Kovid Goyal 2014-11-17 08:55:37 +05:30
parent 328000d9f7
commit dfbb179cce
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/calibre/ebooks/oeb/transforms/jacket.py
View File

@ -6,7 +6,7 @@ __license__ = 'GPL v3'
__copyright__ = '2009, Kovid Goyal <kovid@kovidgoyal.net>' __copyright__ = '2009, Kovid Goyal <kovid@kovidgoyal.net>'
__docformat__ = 'restructuredtext en' __docformat__ = 'restructuredtext en'
import sys, os import sys, os, re
from xml.sax.saxutils import escape from xml.sax.saxutils import escape
from string import Formatter from string import Formatter
@ -147,11 +147,12 @@ def get_rating(rating, rchar, e_rchar):
class Series(unicode): class Series(unicode):
def __new__(self, series, series_index): def __new__(self, series, series_index):
series = roman = escape(series or u'')
if series and series_index is not None: if series and series_index is not None:
roman = _('Number {1} of <em>{0}</em>').format( roman = _('Number {1} of <em>{0}</em>').format(
escape(series), escape(fmt_sidx(series_index, use_roman=True))) escape(series), escape(fmt_sidx(series_index, use_roman=True)))
series = escape(series + ' [%s]'%fmt_sidx(series_index, use_roman=False)) series = escape(series + ' [%s]'%fmt_sidx(series_index, use_roman=False))
else:
series = roman = escape(series or u'')
s = unicode.__new__(self, series) s = unicode.__new__(self, series)
s.roman = roman s.roman = roman
return s return s
@ -171,17 +172,22 @@ def render_jacket(mi, output_profile,
css = P('jacket/stylesheet.css', data=True).decode('utf-8') css = P('jacket/stylesheet.css', data=True).decode('utf-8')
template = P('jacket/template.xhtml', data=True).decode('utf-8') template = P('jacket/template.xhtml', data=True).decode('utf-8')
template = re.sub(r'<!--.*?-->', '', template, flags=re.DOTALL)
css = re.sub(r'/\*.*?\*/', '', css, flags=re.DOTALL)
try: try:
title_str = mi.title if mi.title else alt_title title_str = mi.title if mi.title else alt_title
except: except:
title_str = _('Unknown') title_str = _('Unknown')
title = '<span class="title">%s</span>' % (escape(title_str)) title_str = escape(title_str)
title = '<span class="title">%s</span>' % title_str
series = Series(mi.series, mi.series_index) series = Series(mi.series, mi.series_index)
try: try:
publisher = mi.publisher if mi.publisher else alt_publisher publisher = mi.publisher if mi.publisher else alt_publisher
except: except:
publisher = '' publisher = ''
publisher = escape(publisher)
try: try:
if is_date_undefined(mi.pubdate): if is_date_undefined(mi.pubdate):
@ -205,6 +211,7 @@ def render_jacket(mi, output_profile,
author = mi.format_authors() author = mi.format_authors()
except: except:
author = '' author = ''
author = escape(author)
def generate_html(comments): def generate_html(comments):
args = dict(xmlns=XHTML_NS, args = dict(xmlns=XHTML_NS,