Escape raw text sent as body to the textarea element in the page editor
[geekigeeki.git] / geekigeeki.py
index a7e99ed10121c9af816cfc76eddc0707edeeec94..2e2ef72160395e00d6ea40566c882ecf1d2762fd 100755 (executable)
@@ -366,7 +366,11 @@ class WikiFormatter:
 
         macro = globals().get('_macro_' + name)
         if not macro:
-            execfile("macros/" + name + ".py", globals())
+            try:
+                execfile("macros/" + name + ".py", globals())
+            except IOError, er:
+                if er.errno == errno.ENOENT:
+                    pass
             macro = globals().get('_macro_' + name)
         if macro:
             return macro(argv)
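Review bot: The new `except IOError, er:` handler swallows every IOError rather than only a missing macro file, because `if er.errno == errno.ENOENT: pass` has no `else` branch and any other errno (permission denied, read failure) falls through silently. Re-raise the rest with `if er.errno != errno.ENOENT: raise`, and confirm that `errno` is imported at the top of the file, which the hunk does not show. Separately, `name` is concatenated directly into the path handed to `execfile`; if it originates from page markup, it should be checked against a strict pattern such as `^[A-Za-z0-9_]+$` before this point so a macro name cannot select a file outside `macros/`. The enclosing method starts and ends outside the hunk, so such a check may already exist earlier.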
@@ -710,7 +714,7 @@ class Page:
         print '<div class="editor"><form name="editform" method="post" enctype="multipart/form-data" action="%s">' % relative_url(self.page_name)
         print '<input type="hidden" name="edit" value="%s">' % (self.page_name)
         print '<input type="input" id="editor" name="changelog" value="Edit page %s" accesskey="c" /><br />' % (self.page_name)
-        print '<textarea wrap="off" spellcheck="true" id="editor" name="savetext" rows="17" cols="100" accesskey="e">%s</textarea>' % (preview or self.get_raw_body())
+        print '<textarea wrap="off" spellcheck="true" id="editor" name="savetext" rows="17" cols="100" accesskey="e">%s</textarea>' % cgi.escape(preview or self.get_raw_body())
         print '<label for="file" accesskey="u">Or Upload a file:</label> <input type="file" name="file" value="%s" />' % file
         print """
             <br />
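Review bot: The neighbouring lines still interpolate `self.page_name` and `file` into HTML attribute values without escaping (the hidden `edit` input, the `changelog` input and the file input's `value`), so the injection class this commit closes for the textarea body remains in the same form if those values can contain markup. `cgi.escape` leaves double quotes untouched by default, so attribute contexts need `cgi.escape(self.page_name, quote=True)`. Whether `page_name` is restricted to a safe character set elsewhere, and whether `relative_url` escapes its result, is not visible here. The method begins and ends outside the hunk.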