HTML-escape expression in the output (to quote &)

diff --git a/README b/README
index 57d3b0b5346b4f9c0e0ddc36a19a1e134ccfb3df..b8b749cb3ca4ba21b9aa6e6bc24895906016446e 100644 (file)
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
 Search for tags in my blog.
 Author: Oleg Broytman <phd@phdru.name>
-Copyright (C) 2014, 2015 PhiloSoft Design.
+Copyright (C) 2014-2016 PhiloSoft Design.
 License: GPL.

diff --git a/TODO b/TODO
index 07713412ff3d2bbe44556f0c89d674f001a974d8..f6f494c32d5e47d981329bf97b3a49362a4edbaf 100644 (file)
--- a/TODO
+++ b/TODO
@@ -1,6 +1,3 @@
-HTML-escape expression in the output (to quote &).
-
-
 Use grako instead of PLY.
 
 

diff --git a/search-tags.py b/search-tags.py
index fe006bfd5b69f41d1759baa56b8905ad1da58893..e40f05c0500e5104d88e0948da57a7196ba85dbc 100755 (executable)
--- a/search-tags.py
+++ b/search-tags.py
@@ -3,7 +3,7 @@
 """Search tags CGI"""
 
 __author__ = "Oleg Broytman <phd@phdru.name>"
-__copyright__ = "Copyright (C) 2014 PhiloSoft Design"
+__copyright__ = "Copyright (C) 2014-2016 PhiloSoft Design"
 __license__ = "GNU GPL"
 
 import cgi, sys
@@ -42,7 +42,7 @@ else:
         from tags import find_tags
         posts = find_tags(tree)
         status = None
-        title = "Записи, найденные для выражения " + q
+        title = "Записи, найденные для выражения " + cgi.escape(q)
         if posts:
             _posts = ["""\
 <p class="head">