From 65c0e04bb3bb1fd715be12f44f44ad05373754c0 Mon Sep 17 00:00:00 2001 From: Jordan Date: Sun, 5 Apr 2020 21:08:55 -0700 Subject: ensure HTML-safety of attributes; only-whitespace values treated as unpopulated --- rebuild.py | 14 ++++++++------ templates/index.html | 4 ++-- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/rebuild.py b/rebuild.py index 55b0d50..90103b2 100755 --- a/rebuild.py +++ b/rebuild.py @@ -65,17 +65,19 @@ def get_books(root_path): attr = dict() attr['path'] = file_path attr['duration'] = tag.duration - if tag.title: + if tag.title and not tag.title.isspace(): attr['title'] = tag.title else: - attr['title'] = file_path.split('/')[-1] - if tag.album: + attr['title'] = os.path.split(file_path)[1] + + if tag.album and not tag.album.isspace(): attr['album'] = tag.album book['title'] = tag.album else: - attr['album'] = book_path.split('/')[-1] - book['title'] = book_path.split('/')[-1] - if tag.artist: + attr['album'] = os.path.split(book_path)[1] + book['title'] = os.path.split(book_path)[1] + + if tag.artist and not tag.artist.isspace(): attr['author'] = tag.artist book['author'] = tag.artist else: diff --git a/templates/index.html b/templates/index.html index 7bee424..9bf35db 100644 --- a/templates/index.html +++ b/templates/index.html @@ -33,8 +33,8 @@ {% for b, v in books.items() %} - {{ v['title'] }} - {{ v['path'] }} + {{ v['title']|escape }} + {{ v['path']|escape }} {{ v['files']|length }} {{ v['duration_str'] }} {{ v['size_str'] }} -- cgit v1.2.3-54-g00ecf