Fix escaping in index.html

author: Craig Tiller <ctiller@google.com> 2017-02-15 23:30:27 -0800
committer: Craig Tiller <ctiller@google.com> 2017-02-15 23:30:27 -0800
commit: 891e8162e409b7048297c5b820a399f19f2a020b (patch)
tree: e6a421dea79f30c477bf70240dde3ad6422ebcfb
parent: 4ead91a9145f6a255c4f72324254bac8b4d4f45b (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/tools/run_tests/run_microbenchmark.py b/tools/run_tests/run_microbenchmark.py
index 4e60cce868..9bcba598b8 100755
--- a/tools/run_tests/run_microbenchmark.py
+++ b/tools/run_tests/run_microbenchmark.py
@@ -28,6 +28,7 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+import cgi
 import multiprocessing
 import os
 import subprocess
@@ -71,11 +72,12 @@ def heading(name):
 
 def link(txt, tgt):
   global index_html
-  index_html += "<p><a href=\"%s\">%s</a></p>\n" % (tgt, txt)
+  index_html += "<p><a href=\"%s\">%s</a></p>\n" % (
+      cgi.escape(tgt, quote=True), cgi.escape(txt))
 
 def text(txt):
   global index_html
-  index_html += "<p><pre>%s</pre></p>\n" % txt
+  index_html += "<p><pre>%s</pre></p>\n" % cgi.escape(txt)
 
 def collect_latency(bm_name, args):
   """generate latency profiles"""
author	Craig Tiller <ctiller@google.com>	2017-02-15 23:30:27 -0800
committer	Craig Tiller <ctiller@google.com>	2017-02-15 23:30:27 -0800
commit	891e8162e409b7048297c5b820a399f19f2a020b (patch)
tree	e6a421dea79f30c477bf70240dde3ad6422ebcfb
parent	4ead91a9145f6a255c4f72324254bac8b4d4f45b (diff)