From 0818628718c4a5d3ddd671fbd4881bf176e7d6e2 Mon Sep 17 00:00:00 2001 From: martinRenou Date: Thu, 28 Jul 2022 17:05:41 +0200 Subject: [PATCH] Check input type before escaping --- nbconvert/exporters/templateexporter.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/nbconvert/exporters/templateexporter.py b/nbconvert/exporters/templateexporter.py index 472549920..fc6a89b67 100644 --- a/nbconvert/exporters/templateexporter.py +++ b/nbconvert/exporters/templateexporter.py @@ -40,6 +40,13 @@ ) +def escape_html(s, quote=True): + if not isinstance(s, str): + return s + else: + return html.escape(s) + + default_filters = { "indent": filters.indent, "markdown2html": filters.markdown2html, @@ -71,7 +78,7 @@ "convert_pandoc": filters.convert_pandoc, "json_dumps": json.dumps, # For removing any HTML - "escape_html": html.escape, + "escape_html": escape_html, # For sanitizing HTML for any XSS "clean_html": clean_html, "strip_trailing_newline": filters.strip_trailing_newline,