Commit 58e30e48 authored by Elouan Martinet's avatar Elouan Martinet
Browse files

fix(views): escape error message in ajax view

parent 7e82621d658a
Pipeline #54121 passed with stage
in 2 minutes and 59 seconds
......@@ -66,6 +66,7 @@ from functools import partial
from datetime import datetime
from logilab.common.registry import yes
from logilab.mtconverter import xml_escape
from cubicweb import ObjectNotFound, NoSelectableObject, ValidationError
from cubicweb.appobject import AppObject
......@@ -116,7 +117,7 @@ class AjaxController(Controller):
try:
func = self._cw.vreg['ajax-func'].select(fname, self._cw)
except ObjectNotFound:
raise RemoteCallFailed('no %s method' % fname,
raise RemoteCallFailed('no %s method' % xml_escape(fname),
status=http_client.BAD_REQUEST)
debug_mode = self._cw.vreg.config.debugmode
# no <arg> attribute means the callback takes no argument
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment