Commit 0bd65152 authored by Sylvain Thénault's avatar Sylvain Thénault

properly escape content

parent 2dd810ae668e
from logilab.mtconverter import xml_escape
from cubicweb.selectors import is_instance, adaptable from cubicweb.selectors import is_instance, adaptable
from cubicweb.view import EntityView from cubicweb.view import EntityView
...@@ -26,6 +27,7 @@ class AStreamItemView(EntityView): ...@@ -26,6 +27,7 @@ class AStreamItemView(EntityView):
u'<span class="author">%s</span>' u'<span class="author">%s</span>'
u'<span class="msgtxt">%s</span>' u'<span class="msgtxt">%s</span>'
u'<span class="meta"><a href="%s">%s</a></span>' u'<span class="meta"><a href="%s">%s</a></span>'
u'</div>' % (activity.actor, activity.content, u'</div>' % (xml_escape(activity.actor),
entity.absolute_url(), xml_escape(activity.content),
xml_escape(entity.absolute_url()),
self._cw.format_date(activity.date, time=True))) self._cw.format_date(activity.date, time=True)))
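Review bot: The last interpolated value, `self._cw.format_date(activity.date, time=True)`, is still written into the link text unescaped, while the other three values are now wrapped in `xml_escape`. It is presumably framework-generated and low risk, but wrapping it as `xml_escape(self._cw.format_date(activity.date, time=True))` keeps every `%s` in this template escaped and stops the output depending on the configured date format never containing markup characters. Separately, `xml_escape(activity.actor)` and `xml_escape(activity.content)` now receive the raw attribute values; if either can be None (not visible in this hunk), the old `%s` formatting tolerated that and the new call may not, so `xml_escape(activity.actor or u'')` would be safer. The enclosing method starts outside the hunk, so the types of these attributes should be confirmed against the schema.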