fix readdress loop

use better escaping in render

fixes #19

src/Ui/UiRequest.py

@@ -541,17 +541,36 @@ class UiRequest(object):
         if show_loadingscreen is None:
             show_loadingscreen = not site.storage.isFile(file_inner_path)
 
+        def xescape(s):
+            '''combines parts from re.escape & html.escape'''
+            # https://github.com/python/cpython/blob/3.10/Lib/re.py#L267
+            # '&' is handled otherwise
+            re_chars = {i: '\\' + chr(i) for i in  b'()[]{}*+-|^$\\.~# \t\n\r\v\f'}
+            # https://github.com/python/cpython/blob/3.10/Lib/html/__init__.py#L12
+            html_chars = {
+                '<' : '&lt;',
+                '>' : '&gt;',
+                '"' : '&quot;',
+                "'" : '&#x27;',
+            }
+            # we can't replace '&' because it makes certain zites work incorrectly
+            # it should however in no way interfere with re.sub in render
+            repl = {}
+            repl.update(re_chars)
+            repl.update(html_chars)
+            return s.translate(repl)
+
         return self.render(
             "src/Ui/template/wrapper.html",
             server_url=server_url,
             inner_path=inner_path,
-            file_url=html.escape(re.escape(file_url)),
-            file_inner_path=html.escape(re.escape(file_inner_path)),
+            file_url=xescape(file_url),
+            file_inner_path=xescape(file_inner_path),
             address=site.address,
-            title=html.escape(title),
+            title=xescape(title),
             body_style=body_style,
             meta_tags=meta_tags,
-            query_string=html.escape(re.escape(inner_query_string)),
+            query_string=xescape(inner_query_string),
             wrapper_key=site.settings["wrapper_key"],
             ajax_key=site.settings["ajax_key"],
             wrapper_nonce=wrapper_nonce,