Escape unprintable content in preview.

libpathod/app.py

@@ -1,6 +1,6 @@
 import logging, pprint, cStringIO
 from flask import Flask, jsonify, render_template, request, abort
-import version, rparse
+import version, rparse, utils
 
 logging.basicConfig(level="DEBUG")
 app = Flask(__name__)
@@ -83,5 +83,5 @@ def preview():
 
     s = cStringIO.StringIO()
     r.serve(s, check=app.config["pathod"].check_size)
-    args["output"] = s.getvalue()
+    args["output"] = utils.escape_unprintables(s.getvalue())
     return render_template("preview.html", **args)

libpathod/utils.py

@@ -41,6 +41,15 @@ def parse_anchor_spec(s):
     return tuple(s.split("=", 1))
 
 
+def escape_unprintables(s):
+    s = s.replace("\r\n", "PATHOD_MARKER_RN")
+    s = s.replace("\n", "PATHOD_MARKER_N")
+    s = repr(s)[1:-1]
+    s = s.replace("PATHOD_MARKER_RN", "\n")
+    s = s.replace("PATHOD_MARKER_N", "\n")
+    return s
+
+
 class Data:
     def __init__(self, name):
         m = __import__(name)

test/test_app.py

@@ -34,4 +34,8 @@ class TestApp(tutils.DaemonTests):
         assert r.status_code == 200
         assert "too large" in r.content
 
+        r = self.getpath("/preview", params=dict(spec="200:b@5k"))
+        assert r.status_code == 200
+        assert 'Response' in r.content
+
 

test/test_utils.py

@@ -15,3 +15,11 @@ def test_parse_anchor_spec():
 
 def test_data_path():
     tutils.raises(ValueError, utils.data.path, "nonexistent")
+
+
+def test_escape_unprintables():
+    s = "".join([chr(i) for i in range(255)])
+    e = utils.escape_unprintables(s)
+    assert e.encode('ascii')
+    assert not "PATHOD_MARKER" in e
+