BenCzechMark-unstable

Runtime error

idolezal commited on Jul 19

Commit

f3684c5

•

1 Parent(s): a1ddac4

HTML escape

Files changed (1) hide show

server.py CHANGED Viewed

@@ -5,6 +5,7 @@ import os
 import hashlib
 import time
 from collections import namedtuple
 import gradio as gr
 import pandas as pd
@@ -110,7 +111,7 @@ class LeaderboardServer:
                 model_link = data["metadata"]["link_to_model"]
                 model_title = data["metadata"]["team_name"] + "/" + data["metadata"]["model_name"]
                 model_title_abbr = self.abbreviate(data["metadata"]["team_name"], 14) + "/" + self.abbreviate(data["metadata"]["model_name"], 14)
-                local_results["model"] = f'<a href="{model_link}" title="{model_title}">{model_title_abbr}</a>'  # TODO: HTML escape
                 release = data["metadata"].get("submission_timestamp")
                 release = time.strftime("%Y-%m-%d", time.gmtime(release)) if release else "N/A"
                 local_results["release"] = release

 import hashlib
 import time
 from collections import namedtuple
+from xml.sax.saxutils import escape as xmlEscape, quoteattr as xmlQuoteAttr
 import gradio as gr
 import pandas as pd
                 model_link = data["metadata"]["link_to_model"]
                 model_title = data["metadata"]["team_name"] + "/" + data["metadata"]["model_name"]
                 model_title_abbr = self.abbreviate(data["metadata"]["team_name"], 14) + "/" + self.abbreviate(data["metadata"]["model_name"], 14)
+                local_results["model"] = f'<a href={xmlQuoteAttr(model_link)} title={xmlQuoteAttr(model_title)}>{xmlEscape(model_title_abbr)}</a>'  # TODO: Markdown esacape
                 release = data["metadata"].get("submission_timestamp")
                 release = time.strftime("%Y-%m-%d", time.gmtime(release)) if release else "N/A"
                 local_results["release"] = release