[views] use xml_escape instead of html_escape

dbdedcedff5c · Sandrine Ribeau · 52afeac04d88 · dbdedced
Commit dbdedcedff5c authored 15 years ago by Sandrine Ribeau
--- a/views.py
+++ b/views.py
@@ -9,7 +9,7 @@
 from itertools import count
-from logilab.mtconverter import html_escape
+from logilab.mtconverter import xml_escape
 from logilab.common.decorators import monkeypatch
 from simplejson import dumps
@@ -24,7 +24,7 @@
 from cubicweb.web.action import LinkToEntityAction, Action
 from cubicweb.web.form import FormViewMixIn
 from cubicweb.web.formwidgets import Button
-from cubicweb.web.views import primary, baseviews
+from cubicweb.web.views import primary, baseviews, xmlrss
 from cubicweb.web.component import EntityVComponent
 from cubicweb.web.views.basecontrollers import JSonController
@@ -88,7 +88,7 @@
        entity = self.entity(row, col)
        root = entity.root()
        self.w(u'[<a href="%s">#%s</a>] '
-               % (html_escape(root.absolute_url()), root.eid))
+               % (xml_escape(root.absolute_url()), root.eid))
        maxsize = self.req.property_value('navigation.short-line-size')
        maxsize = maxsize - len(str(root.eid))
        content = entity.printable_value('content', format='text/plain')
@@ -92,5 +92,5 @@
        maxsize = self.req.property_value('navigation.short-line-size')
        maxsize = maxsize - len(str(root.eid))
        content = entity.printable_value('content', format='text/plain')
-        content = html_escape(cut(content, maxsize))
+        content = xml_escape(cut(content, maxsize))
        self.w(u'<a href="%s">#%s <i>%s</i></a>\n' % (
@@ -96,5 +96,5 @@
        self.w(u'<a href="%s">#%s <i>%s</i></a>\n' % (
-            html_escape(entity.absolute_url()), entity.eid, content))
+            xml_escape(entity.absolute_url()), entity.eid, content))
 class CommentTreeItemView(baseviews.ListItemView):
@@ -118,11 +118,11 @@
                'comment%sHolder' % entity.eid, rql_for_eid(entity.eid),
                'inlinecomment')
            reply = ' | %s <a href="%s"> %s </a>' % ( _login_register_link(self),
-                                                    html_escape(url),
+                                                      xml_escape(url),
-                                                    _(action.title))
+                                                      _(action.title))
        if editaction is None:
            edit = u''
        else:
            url = self.req.build_ajax_replace_url(
                'comment%s' % entity.eid, rql_for_eid(entity.eid),
                'editcomment')
@@ -123,10 +123,10 @@
        if editaction is None:
            edit = u''
        else:
            url = self.req.build_ajax_replace_url(
                'comment%s' % entity.eid, rql_for_eid(entity.eid),
                'editcomment')
-            edit = ' | <a href="%s">%s</a>' % (html_escape(url),
+            edit = ' | <a href="%s">%s</a>' % (xml_escape(url),
                                               _(editaction.title))
        text = entity.printable_value('content')
        if not kwargs.get('full'):