From 944b6b781cb231cb6bc5ff2c368eb666f19a131a Mon Sep 17 00:00:00 2001
From: lars <lars@systemausfall.org>
Date: Sat, 31 Mar 2012 11:41:54 +0000
Subject: [PATCH] add "nofollow" and escape HTML input

---
 wortschlucker/src/wortschlucker.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wortschlucker/src/wortschlucker.py b/wortschlucker/src/wortschlucker.py
index ba62ac5..58f565c 100755
--- a/wortschlucker/src/wortschlucker.py
+++ b/wortschlucker/src/wortschlucker.py
@@ -295,8 +295,9 @@ def get_markup_with_links(text):
         prefix, url, suffix = match.groups()
         # only take the TLD part of the url
         short_name = url.split("/")[2]
-        return """%s<a href="%s">%s</a>%s""" % (prefix, url, short_name, suffix)
+        return """%s<a href="%s" rel="nofollow">%s</a>%s""" % (prefix, url, short_name, suffix)
     # surround all urls with html markup
+    text = genshi.escape(text)
     text = re.sub(r"(\A|\s|\()(https?://[\w/\?\.\#=;,_\-\~&]*)(\)|\s|\Z)",
             get_link_markup, text)
     return get_markup_with_formatted_linebreaks(text, "<br />")