escape ampersand
This commit is contained in:
parent
d1e065d9f6
commit
0233cfc09e
19
musik.py
19
musik.py
|
|
@ -78,6 +78,13 @@ def init_library():
|
||||||
return tracks
|
return tracks
|
||||||
|
|
||||||
|
|
||||||
|
def escape(string):
|
||||||
|
"""Escape things."""
|
||||||
|
string = parse.quote(string, safe='')
|
||||||
|
string = string.replace('&', '%26')
|
||||||
|
return string
|
||||||
|
|
||||||
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
api = Api(app)
|
api = Api(app)
|
||||||
tracks = init_library()
|
tracks = init_library()
|
||||||
|
|
@ -127,14 +134,14 @@ class Selection(Resource):
|
||||||
found.pop('filepath')
|
found.pop('filepath')
|
||||||
found['streampath'] = url_for(
|
found['streampath'] = url_for(
|
||||||
'stream',
|
'stream',
|
||||||
artist=parse.quote(track.artist, safe=''),
|
artist=escape(track.artist),
|
||||||
album=parse.quote(track.album, safe=''),
|
album=escape(track.album),
|
||||||
track=parse.quote(track.title, safe=''))
|
track=escape(track.title))
|
||||||
found['coverart'] = url_for(
|
found['coverart'] = url_for(
|
||||||
'coverart',
|
'coverart',
|
||||||
artist=parse.quote(track.artist, safe=''),
|
artist=escape(track.artist),
|
||||||
album=parse.quote(track.album, safe=''),
|
album=escape(track.album),
|
||||||
track=parse.quote(track.title, safe=''))
|
track=escape(track.title))
|
||||||
return found
|
return found
|
||||||
|
|
||||||
elif args.get('album'):
|
elif args.get('album'):
|
||||||
|
|
|
||||||
|
|
@ -32,7 +32,7 @@ function select_artist(select) {
|
||||||
document.getElementById('albumList').innerHTML = html_str;
|
document.getElementById('albumList').innerHTML = html_str;
|
||||||
document.getElementById('trackList').innerHTML = '';
|
document.getElementById('trackList').innerHTML = '';
|
||||||
};
|
};
|
||||||
httpRequest.open('GET', api_uri + '?artist=' + select.value, true);
|
httpRequest.open('GET', api_uri + '?artist=' + select.value.replace('&', '%26'), true);
|
||||||
httpRequest.send();
|
httpRequest.send();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -49,7 +49,7 @@ function select_album(select) {
|
||||||
}
|
}
|
||||||
document.getElementById('trackList').innerHTML = html_str;
|
document.getElementById('trackList').innerHTML = html_str;
|
||||||
};
|
};
|
||||||
httpRequest.open('GET', api_uri + '?artist=' + document.getElementById('artistList').value + '&album=' + select.value, true);
|
httpRequest.open('GET', api_uri + '?artist=' + document.getElementById('artistList').value.replace('&', '%26') + '&album=' + select.value.replace('&', '%26'), true);
|
||||||
httpRequest.send();
|
httpRequest.send();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -63,7 +63,7 @@ function select_track(select) {
|
||||||
let track = JSON.parse(httpRequest.responseText);
|
let track = JSON.parse(httpRequest.responseText);
|
||||||
change_track(track);
|
change_track(track);
|
||||||
};
|
};
|
||||||
httpRequest.open('GET', api_uri + '?artist=' + document.getElementById('artistList').value + '&album=' + document.getElementById('albumList').value + '&track=' + select.value, true);
|
httpRequest.open('GET', api_uri + '?artist=' + document.getElementById('artistList').value.replace('&', '%26') + '&album=' + document.getElementById('albumList').value.replace('&', '%26') + '&track=' + select.value.replace('&', '%26'), true);
|
||||||
httpRequest.send();
|
httpRequest.send();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user