From e061c6e059ab8055f5b95f162d791fa9c9c422d6 Mon Sep 17 00:00:00 2001 From: Adam Tauber Date: Sat, 23 Jan 2016 15:20:36 +0100 Subject: [PATCH] [fix] swisscow and yandex escaping - fixes #499 --- searx/engines/swisscows.py | 9 +++++---- searx/engines/yandex.py | 5 +++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/searx/engines/swisscows.py b/searx/engines/swisscows.py index 2d31264..864436a 100644 --- a/searx/engines/swisscows.py +++ b/searx/engines/swisscows.py @@ -10,6 +10,7 @@ @parse url, title, content """ +from cgi import escape from json import loads from urllib import urlencode, unquote import re @@ -77,7 +78,7 @@ def response(resp): # append result results.append({'url': result['SourceUrl'], - 'title': result['Title'], + 'title': escape(result['Title']), 'content': '', 'img_src': img_url, 'template': 'images.html'}) @@ -89,8 +90,8 @@ def response(resp): # append result results.append({'url': result_url, - 'title': result_title, - 'content': result_content}) + 'title': escape(result_title), + 'content': escape(result_content)}) # parse images for result in json.get('Images', []): @@ -99,7 +100,7 @@ def response(resp): # append result results.append({'url': result['SourceUrl'], - 'title': result['Title'], + 'title': escape(result['Title']), 'content': '', 'img_src': img_url, 'template': 'images.html'}) diff --git a/searx/engines/yandex.py b/searx/engines/yandex.py index 938fdd1..be3ec36 100644 --- a/searx/engines/yandex.py +++ b/searx/engines/yandex.py @@ -9,6 +9,7 @@ @parse url, title, content """ +from cgi import escape from urllib import urlencode from lxml import html from searx.search import logger @@ -51,8 +52,8 @@ def response(resp): for result in dom.xpath(results_xpath): try: res = {'url': result.xpath(url_xpath)[0], - 'title': ''.join(result.xpath(title_xpath)), - 'content': ''.join(result.xpath(content_xpath))} + 'title': escape(''.join(result.xpath(title_xpath))), + 'content': escape(''.join(result.xpath(content_xpath)))} except: logger.exception('yandex parse crash') continue