# HG changeset patch
# User Arthur Lutz <arthur.lutz@logilab.fr>
# Date 1470933168 -7200
# Thu Aug 11 18:32:48 2016 +0200
# Node ID e14f965a075d042b7f73f195f5a3bcc8aa59f350
# Parent 137e0ae93c450e195721aa90104b983f130f91d6
[views] fix URLs by using xml_escape
diff --git a/views.py b/views.py
--- a/views.py
+++ b/views.py
@@ -173,10 +173,10 @@
current_page = int(url_params.get('page', 1))
url_params['page'] = current_page - 1
if current_page - 1 >= 1:
- ul(t.li(t.a('<' * 3,
- href=self._cw.build_url(**url_params))))
+ ul(t.li(t.a(u' < ' * 3,
+ href=xml_escape(self._cw.build_url(**url_params)))))
else:
- ul(t.li(t.a('<' * 3)))
+ ul(t.li(t.a(u' < ' * 3)))
total_pages = (response.hits.total / 10) + 2
page_padding = 3
@@ -186,13 +186,13 @@
current_page - page_padding)):
self.page_number(url_params, page, current_page, ul)
if current_page > (page_padding * 2) + 1:
- ul(t.li(t.a("·" * 3)))
+ ul(t.li(t.a(u" · " * 3)))
for page in range(max(1, current_page - page_padding),
min(current_page + page_padding, total_pages)):
self.page_number(url_params, page, current_page, ul)
if current_page < total_pages - page_padding:
if current_page < total_pages - page_padding * 2:
- ul(t.li(t.a("·" * 3)))
+ ul(t.li(t.a(u" · " * 3)))
for page in range(max(current_page + page_padding,
total_pages - page_padding),
total_pages):
@@ -200,10 +200,10 @@
url_params['page'] = current_page + 1
if current_page + 1 >= (total_pages):
- ul(t.li(t.a('>' * 3)))
+ ul(t.li(t.a(u' > ' * 3)))
else:
- ul(t.li(t.a('>' * 3,
- href=self._cw.build_url(**url_params))))
+ ul(t.li(t.a(u' > ' * 3,
+ href=xml_escape(self._cw.build_url(**url_params)))))
def page_number(self, url_params, page, current_page, ul):
'''
@@ -213,10 +213,10 @@
url = self._cw.build_url(**url_params)
if page == current_page:
ul(t.li(t.a(t.b(page),
- href=url)))
+ href=xml_escape(url))))
else:
ul(t.li(t.a(page,
- href=url)))
+ href=xml_escape(url))))
return url
@property