diff options
| author | Nicolai Haehnle <nhaehnle@gmail.com> | 2007-03-25 22:03:12 +0200 |
|---|---|---|
| committer | Nicolai Haehnle <nhaehnle@gmail.com> | 2007-03-25 22:03:12 +0200 |
| commit | 63213fc4d5b37dda88d485383cc9e698244b5cdb (patch) | |
| tree | 23a76e30829466e4987233169d6fcb42051b48c4 /framework | |
| parent | ecf9baf56694e27dd10af46ec1867c6c327cce40 (diff) | |
Fix escaping
Diffstat (limited to 'framework')
| -rw-r--r-- | framework/core.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/framework/core.py b/framework/core.py index ede26d194..a83a92e49 100644 --- a/framework/core.py +++ b/framework/core.py @@ -80,10 +80,12 @@ def encode(text): return r def decode(text): - # Unescape then reescape " and ' to make sure no unescaped - # instances remain + # Unescape then reescape ", ' and \ to make sure no unescaped + # instances remain (that could break out of eval()) + text = text.replace("\\\\", "\\") text = text.replace("\\'", "'") text = text.replace('\\"', '"') + text = text.replace("\\", "\\\\") text = text.replace("'", "\\'") text = text.replace('"', '\\"') return eval('"' + text + '"') |