Commit e3076e9a authored by Arthur Lutz's avatar Arthur Lutz

[views] escape xml to avoid wrong xhtml

parent b408799c9a8e
......@@ -20,6 +20,7 @@ from cubicweb.utils import RepeatList
from cubicweb.view import EntityView
from cubicweb.web.views import primary, navigation
from cubicweb.selectors import is_instance
from logilab.mtconverter import xml_escape
class StatPeriodPrimaryView(primary.PrimaryView):
"""
......@@ -60,8 +61,8 @@ class StatPeriodPrimaryView(primary.PrimaryView):
self.wview('table', rset, 'null')
# cf rql/editextensions.py unset_limit
nolimit_rql = typedrql.replace('LIMIT 20', '')
self.w(u'<a href="%s">Export CSV</a>' % self._cw.build_url('', rql=nolimit_rql % {'e':entity.eid},
vid='csvexport'))
self.w(u'<a href="%s">Export CSV</a>' % xml_escape(self._cw.build_url('', rql=nolimit_rql % {'e':entity.eid},
vid='csvexport')))
#FIXME TODO not working right now
self.wview('piechart', rset, 'null')
self.w(u'</td>')
......@@ -70,8 +71,8 @@ class StatPeriodPrimaryView(primary.PrimaryView):
rset = self._cw.execute(rql, {'e':entity.eid})
self.wview('table', rset, 'null')
nolimit_rql = rql.replace('LIMIT 20', '')
self.w(u'<a href="%s">Export CSV</a>' % self._cw.build_url('', rql=nolimit_rql % {'e':entity.eid},
vid='csvexport'))
self.w(u'<a href="%s">Export CSV</a>' % xml_escape(self._cw.build_url('', rql=nolimit_rql % {'e':entity.eid},
vid='csvexport')))
self.w(u'</div>')
......
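Review bot: The escaped Export CSV link is now written out identically in both hunks of StatPeriodPrimaryView and twice more in StatPeriodsView in the second file, so a link added later by copy-paste can easily miss the escaping again. Building the URL first and emitting it through one small helper would keep the attribute encoding in a single place, e.g. `url = self._cw.build_url('', rql=nolimit_rql % {'e': entity.eid}, vid='csvexport')` followed by `self.w(u'<a href="%s">Export CSV</a>' % xml_escape(url))`. Because the value lands inside a double-quoted attribute, it is worth confirming that `xml_escape` encodes quote characters as well as `&` and `<`. The enclosing methods start outside the hunks shown.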
......@@ -37,7 +37,7 @@ from cubes.awstats.utils import SECTIONSPEC, SECTIONLABELS, \
def extract_available_time_periods(form, **attrs):
""" extract available time periods from list of awstats files """
periods = []
selected_domain = form._cw.form.get('domain', '')
selected_domain = form._cw.form.get('domain', form._cw.vreg.config['awstats-domain'])
awstats_dir = form._cw.vreg.config['awstats-dir']
periodicity = form._cw.vreg.config['awstats-periodicity']
size = {
......@@ -283,16 +283,16 @@ class StatPeriodsView(StartupView):
rset = self._cw.execute(typedrql)
self.generate_table_form(rset, etypes)
nolimit_rql = typedrql.replace('LIMIT %s' % limit, '')
self.w(u'<a href="%s">Export CSV</a>' % self._cw.build_url(rql=nolimit_rql,
vid='csvexport'))
self.w(u'<a href="%s">Export CSV</a>' % xml_escape(self._cw.build_url(rql=nolimit_rql,
vid='csvexport')))
self.w(u'</td>')
self.w(u'</tr></table>')
else:
rset = self._cw.execute(rql)
self.generate_table_form(rset)
nolimit_rql = rql.replace('LIMIT %s' % limit, '')
self.w(u'<a href="%s">Export CSV</a>' % self._cw.build_url(rql=nolimit_rql,
vid='csvexport'))
self.w(u'<a href="%s">Export CSV</a>' % xml_escape(self._cw.build_url(rql=nolimit_rql,
vid='csvexport')))
self.w(u'</div>')
......
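Review bot: In extract_available_time_periods, `form.get('domain', default)` falls back to the configured domain only when the `domain` key is absent, so a submitted but empty field presumably still yields `''` as it did before. If the empty case should use the default too, `selected_domain = form._cw.form.get('domain') or form._cw.vreg.config['awstats-domain']` covers both. The value comes from the request and the function goes on to read `awstats-dir`, so if `selected_domain` ends up in a file name or glob further down (not visible in this hunk), it should first be checked against the configured domains or a strict hostname pattern. The function body continues outside the hunk.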