render.py: use markupsafe since werkzeug has removed escape from its …

…utils: pallets/werkzeug@22d1e9a
pyeve · Apr 13, 2022 · 9ae14e5 · 9ae14e5
1 parent c20aa0c
commit 9ae14e5
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/eve/render.py b/eve/render.py
@@ -15,6 +15,7 @@
 import datetime
 import simplejson as json
 from werkzeug import utils
+from markupsafe import escape
 from functools import wraps
 from eve.methods.common import get_rate_limit
 from eve.utils import (
@@ -386,7 +387,7 @@ def xml_root_open(cls, data):
         href = title = ""
         if links and "self" in links:
             self_ = links.pop("self")
-            href = ' href="%s" ' % utils.escape(self_["href"])
+            href = ' href="%s" ' % escape(self_["href"])
             if "title" in self_:
                 title = ' title="%s" ' % self_["title"]
         return "<resource%s%s>" % (href, title)
@@ -444,11 +445,11 @@ def xml_add_links(cls, data):
 
             elif isinstance(link, list):
                 xml += "".join(
-                    chunk % (rel, utils.escape(d["href"]), utils.escape(d["title"]))
+                    chunk % (rel, escape(d["href"]), escape(d["title"]))
                     for d in link
                 )
             else:
-                xml += "".join(chunk % (rel, utils.escape(link["href"]), link["title"]))
+                xml += "".join(chunk % (rel, escape(link["href"]), link["title"]))
         return xml
 
     @classmethod
@@ -525,7 +526,7 @@ def xml_dict(cls, data):
                     xml += cls.xml_field_close(k)
                 else:
                     xml += cls.xml_field_open(k, idx, related_links)
-                    xml += "%s" % utils.escape(value)
+                    xml += "%s" % escape(value)
                     xml += cls.xml_field_close(k)
         return xml
 
@@ -543,13 +544,13 @@ def xml_field_open(cls, field, idx, related_links):
             if isinstance(related_links[field], list):
                 return '<%s href="%s" title="%s">' % (
                     field,
-                    utils.escape(related_links[field][idx]["href"]),
+                    escape(related_links[field][idx]["href"]),
                     related_links[field][idx]["title"],
                 )
             else:
                 return '<%s href="%s" title="%s">' % (
                     field,
-                    utils.escape(related_links[field]["href"]),
+                    escape(related_links[field]["href"]),
                     related_links[field]["title"],
                 )
         else: