From ef0e2e2ba0d85f9b978ad735080426e0240d7ae1 Mon Sep 17 00:00:00 2001 From: tomkat83 Date: Sat, 6 May 2017 18:36:24 +0200 Subject: [PATCH] Plex Companion: escape HTML --- resources/lib/playlist_func.py | 6 ++++-- resources/lib/utils.py | 17 +++++++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/resources/lib/playlist_func.py b/resources/lib/playlist_func.py index 5fb9289c..b3a9f143 100644 --- a/resources/lib/playlist_func.py +++ b/resources/lib/playlist_func.py @@ -4,7 +4,7 @@ from urlparse import parse_qsl, urlsplit import plexdb_functions as plexdb from downloadutils import DownloadUtils as DU -from utils import JSONRPC, tryEncode +from utils import JSONRPC, tryEncode, escape_html from PlexAPI import API ############################################################################### @@ -157,6 +157,8 @@ def playlist_item_from_xml(playlist, xml_video_element): item.plex_id = api.getRatingKey() item.ID = xml_video_element.attrib['%sItemID' % playlist.kind] item.guid = xml_video_element.attrib.get('guid') + if item.guid is not None: + item.guid = escape_html(item.guid) if item.plex_id: with plexdb.Get_Plex_DB() as plex_db: db_element = plex_db.getItem_byId(item.plex_id) @@ -336,7 +338,7 @@ def add_item_to_PMS_playlist(playlist, pos, plex_id=None, kodi_item=None): # Get the guid for this item for plex_item in xml: if plex_item.attrib['%sItemID' % playlist.kind] == item.ID: - item.guid = plex_item.attrib['guid'] + item.guid = escape_html(plex_item.attrib['guid']) playlist.items.append(item) if pos == len(playlist.items) - 1: # Item was added at the end diff --git a/resources/lib/utils.py b/resources/lib/utils.py index 57b8c341..752801cf 100644 --- a/resources/lib/utils.py +++ b/resources/lib/utils.py @@ -182,6 +182,23 @@ def tryDecode(string, encoding='utf-8'): return string +def escape_html(string): + """ + Escapes the following: + < to < + > to > + & to & + """ + escapes = { + '<': '<', + '>': '>', + '&': '&' + } + for key, value in escapes.iteritems(): + string = string.replace(key, value) + return string + + def DateToKodi(stamp): """ converts a Unix time stamp (seconds passed sinceJanuary 1 1970) to a