Skip to content

Instantly share code, notes, and snippets.

@dimitrov
Created May 3, 2011 16:05
Show Gist options
  • Save dimitrov/953622 to your computer and use it in GitHub Desktop.
Save dimitrov/953622 to your computer and use it in GitHub Desktop.
A decorator function for preventing cross-site scriting attacks for bottle.py
#!/usr/bin/env python
import bottle
from bottle import route
def websafe(func):
"""
A decorator function for preventing cross-site scriting attacks
"""
def wrapper(*args, **kwargs):
result = func(*args, **kwargs)
result = result.replace(u"&", u"&")
result = result.replace(u"<", u"&lt;")
result = result.replace(u">", u"&gt;")
result = result.replace(u"'", u"&#39;")
result = result.replace(u'"', u"&quot;")
return result
return wrapper
@route('/hello/:name')
@websafe
def hello(name):
return "Hello %s!" % name
application = bottle.default_app()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment