
cherrypy: Don't use bleach

bleach is a sanitizing tool. It may be too heavy.
cgi.escape() is enough for just escaping some characters.
INADA Naoki 10 years ago
parent
commit
2a3c05b753

+ 2 - 2
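--- a/frameworks/Python/cherrypy/app.py
+++ b/frameworks/Python/cherrypy/app.py
@@ -1,10 +1,10 @@
+import cgi
 import os
 import sys
 from functools import partial
 from operator import attrgetter
 from random import randint
 import json
-import bleach
 
 import cherrypy
 from sqlalchemy.ext.declarative import declarative_base
@@ -111,7 +111,7 @@ class CherryPyBenchmark(object):
         fortunes.sort(key=attrgetter("message"))
         html = "<!DOCTYPE html><html><head><title>Fortunes</title></head><body><table><tr><th>id</th><th>message</th></tr>"
         for f in fortunes:
-            html += "<tr><td>" + str(f.id) + "</td><td>" + bleach.clean(f.message) + "</td></tr>"
+            html += "<tr><td>" + str(f.id) + "</td><td>" + cgi.escape(f.message) + "</td></tr>"
         html += "</table></body></html>"
         return html
 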
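Review bot: `cgi.escape(f.message)` in the fortunes loop is called with its default `quote=False`, so only `&`, `<` and `>` are converted; that is enough for the `<td>` text node built here, but the message would not be safe if the same string were later placed inside an attribute value. I would pass `quote=True` or add a comment such as `# escapes &, <, > only: valid for element text, not for attribute values`. `cgi.escape` is also deprecated since Python 3.2 and was removed in 3.8, so on Python 3 the call should be `html.escape(f.message)`; the interpreter version targeted here is not visible in this diff. The enclosing method of `CherryPyBenchmark` starts outside the hunk.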

+ 0 - 3
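--- a/frameworks/Python/cherrypy/requirements.txt
+++ b/frameworks/Python/cherrypy/requirements.txt
@@ -1,6 +1,3 @@
 cherrypy==3.7.0
-
-bleach==1.4.1
-
 SQLAlchemy==1.0.4
 mysqlclient==1.3.6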