Commit 0bd65152 authored by Sylvain Thénault's avatar Sylvain Thénault
Browse files

properly escape content

parent 2dd810ae668e
from logilab.mtconverter import xml_escape
from cubicweb.selectors import is_instance, adaptable
from cubicweb.view import EntityView
......@@ -26,6 +27,7 @@ class AStreamItemView(EntityView):
u'<span class="author">%s</span>'
u'<span class="msgtxt">%s</span>'
u'<span class="meta"><a href="%s">%s</a></span>'
u'</div>' % (, activity.content,
u'</div>' % (xml_escape(,
self._cw.format_date(, time=True)))
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment