Merge pull request #3173 from stevepiercy/1.8-branch

use pyramid.compat.escape instead of cgi.escape
Pylons · Sep 23, 2017 · 356c9f0 · 356c9f0
2 parents b27b3d8 + f48dc6a
commit 356c9f0
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/docs/quick_tour/views/views.py b/docs/quick_tour/views/views.py
@@ -1,4 +1,4 @@
-import cgi
+from pyramid.compat import escape
 
 from pyramid.httpexceptions import HTTPFound
 from pyramid.response import Response
@@ -16,8 +16,8 @@ def home_view(request):
 def hello_view(request):
     name = request.params.get('name', 'No Name')
     body = '<p>Hi %s, this <a href="/goto">redirects</a></p>'
-    # cgi.escape to prevent Cross-Site Scripting (XSS) [CWE 79]
-    return Response(body % cgi.escape(name))
+    # pyramid.compat.escape to prevent Cross-Site Scripting (XSS) [CWE 79]
+    return Response(body % escape(name))
 
 
 # /goto which issues HTTP redirect to the last view