10 _ = unicode |
10 _ = unicode |
11 |
11 |
12 from cStringIO import StringIO |
12 from cStringIO import StringIO |
13 |
13 |
14 from logilab.common.deprecation import obsolete |
14 from logilab.common.deprecation import obsolete |
15 from logilab.mtconverter import html_escape |
15 from logilab.mtconverter import xml_escape |
16 |
16 |
17 from cubicweb import NotAnEntity |
17 from cubicweb import NotAnEntity |
18 from cubicweb.selectors import yes, non_final_entity, nonempty_rset, none_rset |
18 from cubicweb.selectors import yes, non_final_entity, nonempty_rset, none_rset |
19 from cubicweb.selectors import require_group_compat, accepts_compat |
19 from cubicweb.selectors import require_group_compat, accepts_compat |
20 from cubicweb.appobject import AppRsetObject |
20 from cubicweb.appobject import AppRsetObject |
217 def whead(self, data): |
217 def whead(self, data): |
218 self.req.html_headers.write(data) |
218 self.req.html_headers.write(data) |
219 |
219 |
220 def wdata(self, data): |
220 def wdata(self, data): |
221 """simple helper that escapes `data` and writes into `self.w`""" |
221 """simple helper that escapes `data` and writes into `self.w`""" |
222 self.w(html_escape(data)) |
222 self.w(xml_escape(data)) |
223 |
223 |
224 def html_headers(self): |
224 def html_headers(self): |
225 """return a list of html headers (eg something to be inserted between |
225 """return a list of html headers (eg something to be inserted between |
226 <head> and </head> of the returned page |
226 <head> and </head> of the returned page |
227 |
227 |
438 if nonify: |
438 if nonify: |
439 _cb = cb |
439 _cb = cb |
440 def cb(*args): |
440 def cb(*args): |
441 _cb(*args) |
441 _cb(*args) |
442 cbname = self.req.register_onetime_callback(cb, *args) |
442 cbname = self.req.register_onetime_callback(cb, *args) |
443 return self.build_js(cbname, html_escape(msg or '')) |
443 return self.build_js(cbname, xml_escape(msg or '')) |
444 |
444 |
445 def build_update_js_call(self, cbname, msg): |
445 def build_update_js_call(self, cbname, msg): |
446 rql = html_escape(self.rset.printable_rql()) |
446 rql = xml_escape(self.rset.printable_rql()) |
447 return "javascript:userCallbackThenUpdateUI('%s', '%s', '%s', '%s', '%s', '%s')" % ( |
447 return "javascript:userCallbackThenUpdateUI('%s', '%s', '%s', '%s', '%s', '%s')" % ( |
448 cbname, self.id, rql, msg, self.__registry__, self.div_id()) |
448 cbname, self.id, rql, msg, self.__registry__, self.div_id()) |
449 |
449 |
450 def build_reload_js_call(self, cbname, msg): |
450 def build_reload_js_call(self, cbname, msg): |
451 return "javascript:userCallbackThenReloadPage('%s', '%s')" % (cbname, msg) |
451 return "javascript:userCallbackThenReloadPage('%s', '%s')" % (cbname, msg) |