From ab540a03dc5ec3881d4a3575669ce4b3ec0a0274 Mon Sep 17 00:00:00 2001
From: Christian Jeworrek <christian.jeworrek@its-jeworrek.de>
Date: Sat, 29 Mar 2025 18:44:10 +0100
Subject: [PATCH] html.escape 4 strings in rss

---
 scripts/einsaetze_rss_feed.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/scripts/einsaetze_rss_feed.py b/scripts/einsaetze_rss_feed.py
index 59ff429..f4777f3 100644
--- a/scripts/einsaetze_rss_feed.py
+++ b/scripts/einsaetze_rss_feed.py
@@ -2,6 +2,7 @@
 import os
 import re
 import locale
+import html
 from datetime import datetime
 from pytz import timezone
 import requests
@@ -27,7 +28,7 @@ print('<?xml version="1.0" encoding="UTF-8" ?>\n'
 '<description>' + FWNAME + ' Einsätze</description>')
 
 for mysoup in soup.find_all('a', class_='einsatz-link text-nowrap'):
-    mylink = BASEURL + mysoup['href']
+    mylink = html.escape(BASEURL + mysoup['href'])
     soup2 = BeautifulSoup(session.get( mylink ,timeout=10).content, 'html.parser')
     mydatetime_str = soup2.find("th",string='Einsatzstart').find_next("td").string
     mydatetime = datetime.strptime(mydatetime_str, '%d. %B  %Y %H:%M')
@@ -39,6 +40,7 @@ for mysoup in soup.find_all('a', class_='einsatz-link text-nowrap'):
         mykeywords = mykeywords.find_next("td").string.strip()
     else:
         mykeywords = ""
+    mykeywords = html.escape(mykeywords)
     myunits = soup2.find("th",string='Alarmierte Einheiten')
     if myunits is None:
         myunits = soup2.find("th",string='Alarmierung')
@@ -46,14 +48,15 @@ for mysoup in soup.find_all('a', class_='einsatz-link text-nowrap'):
         myunits = myunits.find_next("td").string.strip()
     else:
         myunits = ""
+    myunits = html.escape(myunits)
     print("<item>")
     locale.setlocale(locale.LC_TIME, 'en_US.UTF-8')
     print("<pubDate>" + mydatetime.strftime('%a, %d %b %Y %H:%M:%S %z') + "</pubDate>")
     locale.setlocale(locale.LC_TIME, 'de_DE.UTF-8')
-    print("<title>" + mykeywords + " - " + (soup2.find('meta', attrs={ "property": "og:title" }))['content'] + " - " + myunits +  "</title>")
+    print("<title>" + mykeywords + " - " + html.escape((soup2.find('meta', attrs={ "property": "og:title" }))['content']) + " - " + myunits +  "</title>")
     print("<link>" + mylink + "</link>")
     try:
-        print("<description>" + (soup2.find('div', class_="description")).string.strip() + '&lt;br&gt;' + (soup2.find('div', class_="description").find_next("p").string.strip()) + '&lt;hr&gt;' + myunits + "</description>")
+        print("<description>" + html.escape((soup2.find('div', class_="description")).string.strip() + '<br>' + (soup2.find('div', class_="description").find_next("p").string.strip()) + '<hr>' + myunits) + "</description>")
     except:
         print("<description></description>")
     print("</item>")