Skip to content
Snippets Groups Projects
Commit cac65e37cf6f authored by Nicolas Chauvat's avatar Nicolas Chauvat
Browse files

[views] bugfix html_escape is now xml_escape

parent 46264cc2e0a0
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 10 additions and 10 deletions
views.py
+ 10
10
View file @ cac65e37
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
__docformat__ = "restructuredtext en" __docformat__ = "restructuredtext en"
_ = unicode _ = unicode
from logilab.mtconverter import html_escape from logilab.mtconverter import xml_escape
from cubicweb.selectors import is_instance from cubicweb.selectors import is_instance
from cubicweb.view import EntityView from cubicweb.view import EntityView
...@@ -27,8 +27,8 @@ ...@@ -27,8 +27,8 @@
show_attr_label = False show_attr_label = False
def render_entity_title(self, entity): def render_entity_title(self, entity):
title = u'<a href="%s">%s</a>' % (html_escape(entity.actual_url()), title = u'<a href="%s">%s</a>' % (xml_escape(entity.actual_url()),
html_escape(entity.title)) xml_escape(entity.title))
self.w(u'<h1><span class="etype">%s</span> %s</h1>' self.w(u'<h1><span class="etype">%s</span> %s</h1>'
% (entity.dc_type().capitalize(), title)) % (entity.dc_type().capitalize(), title))
...@@ -43,10 +43,10 @@ ...@@ -43,10 +43,10 @@
entity = self.cw_rset.complete_entity(row, col) entity = self.cw_rset.complete_entity(row, col)
descr = entity.printable_value('description', format='text/plain') descr = entity.printable_value('description', format='text/plain')
descr = descr and descr.splitlines()[0] descr = descr and descr.splitlines()[0]
values = {'title': html_escape(entity.title), values = {'title': xml_escape(entity.title),
'url': html_escape(entity.absolute_url()), 'url': xml_escape(entity.absolute_url()),
'description': html_escape(descr), 'description': xml_escape(descr),
} }
self.w(u'<a href="%(url)s" title="%(description)s">%(title)s</a>' self.w(u'<a href="%(url)s" title="%(description)s">%(title)s</a>'
% values) % values)
self.w(u'&nbsp;[<a href="%s">%s</a>]' self.w(u'&nbsp;[<a href="%s">%s</a>]'
...@@ -49,8 +49,8 @@ ...@@ -49,8 +49,8 @@
} }
self.w(u'<a href="%(url)s" title="%(description)s">%(title)s</a>' self.w(u'<a href="%(url)s" title="%(description)s">%(title)s</a>'
% values) % values)
self.w(u'&nbsp;[<a href="%s">%s</a>]' self.w(u'&nbsp;[<a href="%s">%s</a>]'
% (html_escape(entity.actual_url()), % (xml_escape(entity.actual_url()),
self._cw._('follow'))) self._cw._('follow')))
...@@ -61,9 +61,9 @@ ...@@ -61,9 +61,9 @@
def cell_call(self, row, col): def cell_call(self, row, col):
entity = self.cw_rset.complete_entity(row, col) entity = self.cw_rset.complete_entity(row, col)
values = {'title': html_escape(entity.title), values = {'title': xml_escape(entity.title),
'url': html_escape(entity.actual_url()), 'url': xml_escape(entity.actual_url()),
'description': html_escape(entity.printable_value('description')), 'description': xml_escape(entity.printable_value('description')),
} }
self.w(u'<a href="%(url)s" title="%(description)s">%(title)s</a>' self.w(u'<a href="%(url)s" title="%(description)s">%(title)s</a>'
% values) % values)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment