From 2880fee4e3f80f8748b6a69f1a72aa3a3a5fa922 Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@nullcube.com>
Date: Mon, 23 Jul 2012 16:39:25 +1200
Subject: [PATCH] Escape unprintable content in preview.

---
 libpathod/app.py   | 4 ++--
 libpathod/utils.py | 9 +++++++++
 test/test_app.py   | 4 ++++
 test/test_utils.py | 8 ++++++++
 4 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/libpathod/app.py b/libpathod/app.py
index b8e1ccdd5..c94e61ca7 100644
--- a/libpathod/app.py
+++ b/libpathod/app.py
@@ -1,6 +1,6 @@
 import logging, pprint, cStringIO
 from flask import Flask, jsonify, render_template, request, abort
-import version, rparse
+import version, rparse, utils
 
 logging.basicConfig(level="DEBUG")
 app = Flask(__name__)
@@ -83,5 +83,5 @@ def preview():
 
     s = cStringIO.StringIO()
     r.serve(s, check=app.config["pathod"].check_size)
-    args["output"] = s.getvalue()
+    args["output"] = utils.escape_unprintables(s.getvalue())
     return render_template("preview.html", **args)
diff --git a/libpathod/utils.py b/libpathod/utils.py
index 311d8f77f..40f37cab2 100644
--- a/libpathod/utils.py
+++ b/libpathod/utils.py
@@ -41,6 +41,15 @@ def parse_anchor_spec(s):
     return tuple(s.split("=", 1))
 
 
+def escape_unprintables(s):
+    s = s.replace("\r\n", "PATHOD_MARKER_RN")
+    s = s.replace("\n", "PATHOD_MARKER_N")
+    s = repr(s)[1:-1]
+    s = s.replace("PATHOD_MARKER_RN", "\n")
+    s = s.replace("PATHOD_MARKER_N", "\n")
+    return s
+
+
 class Data:
     def __init__(self, name):
         m = __import__(name)
diff --git a/test/test_app.py b/test/test_app.py
index 84d2e8e54..0b406ee02 100644
--- a/test/test_app.py
+++ b/test/test_app.py
@@ -34,4 +34,8 @@ class TestApp(tutils.DaemonTests):
         assert r.status_code == 200
         assert "too large" in r.content
 
+        r = self.getpath("/preview", params=dict(spec="200:b@5k"))
+        assert r.status_code == 200
+        assert 'Response' in r.content
+
 
diff --git a/test/test_utils.py b/test/test_utils.py
index 8ca2da499..a8f513f8f 100644
--- a/test/test_utils.py
+++ b/test/test_utils.py
@@ -15,3 +15,11 @@ def test_parse_anchor_spec():
 
 def test_data_path():
     tutils.raises(ValueError, utils.data.path, "nonexistent")
+
+
+def test_escape_unprintables():
+    s = "".join([chr(i) for i in range(255)])
+    e = utils.escape_unprintables(s)
+    assert e.encode('ascii')
+    assert not "PATHOD_MARKER" in e
+