cubicweb: comparison web/views/editforms.py

equal deleted inserted replaced

-:f178182b1305
+:af4d8f75c5db
 from copy import copy
 from simplejson import dumps
-from logilab.mtconverter import html_escape
+from logilab.mtconverter import xml_escape
 from cubicweb.selectors import (match_kwargs, one_line_rset, non_final_entity,
 specified_etype_implements, yes)
 from cubicweb.utils import make_uid
 from cubicweb.view import EntityView
 def toggleable_relation_link(eid, nodeid, label='x'):
 """return javascript snippet to delete/undelete a relation between two
 entities
 """
 js = u"javascript: togglePendingDelete('%s', %s);" % (
-nodeid, html_escape(dumps(eid)))
+nodeid, xml_escape(dumps(eid)))
 return u'[<a class="handle" href="%s" id="handle%s">%s</a>]' % (
 js, nodeid, label)
 class DeleteConfForm(FormViewMixIn, EntityView):
 if not entity.has_perm('update'):
 self.w(value)
 return
 else:
 rset = entity.related(rtype, role)
-# XXX html_escape but that depends of the actual vid
+# XXX xml_escape but that depends of the actual vid
-value = html_escape(self.view(vid, rset, 'null') or default)
+value = xml_escape(self.view(vid, rset, 'null') or default)
 # XXX consider local roles ?
 if role == 'subject'and not rschema.has_perm(self.req, 'add',
 fromeid=entity.eid):
 self.w(value)
 return