def return_results(): category = request.args.get('category') number_of_questions = request.args.get("number_of_questions") result = request.form score = 0 wrong = 0 qlist = {} for qid, answered in result.items(): b = Questions.query.filter_by(questionid=Markup.unescape(qid)).all() for a in b: if (a): qlist[a.questionid] = a.answer if (a.answer == Markup.unescape(answered)): score += 1 else: wrong += 1 res = Results.query.filter(Results.score < 0).first() number_of_questions = res.score * -1 res.score = -1 * (score * 100) / (res.score) [ db.session.delete(i) for i in Results.query.filter_by( userid=current_user.userid).filter(Results.score < 0) ] db.session.commit() resp = { 'score': res.score, 'qna': qlist, 'correct_questions': score, 'wrong_questions': wrong } db.session.commit() return (jsonify(resp))
def index(): db = DBops() posts = db.get_posts() labels_lst = ['label-default','label-primary','label-success','label-info','label-warning','label-danger'] total_lst =[] #sample = ['ds9','tag2','star trek','four','another','six'] for i in posts: lst = comma_parse(i['tags']) total_lst.append(lst) i = 0 for i in range(len(posts)): # Remember how I used Markup.escape() before added into db to prevent SQL Syntax probs, # Now, I am using Markup.unescape() to reverse the process before displaying onto the page posts[i]['content'] = Markup.unescape(posts[i]['content']) i = i + 1 return render_template('index.html',posts=posts,labels=labels_lst,tags=total_lst,len_posts=len(posts),blogtitle=blog_title)
def markup_unescape_test(): search_query = request.args.get('q') # ruleid: explicit-unescape-with-markup return render_template('/markup-unescape.html', query=Markup.unescape(search_query))
def post(postid): db = DBops() post = db.get_posts(id=postid) post['content'] = Markup.unescape(post['content']) return render_template('post.html',post=post, blogtitle=blog_title)
def invalid_usage(error): response = make_response(error.message) response.status_code = error.status_code print(response) return Markup.unescape('<h1 align="center">%s</h1>') % error.message
def to_html(self): try: return Markup.unescape(self.md_processor.convert(self.source)) except: traceback.print_exc() return ''