Mercurial Mercurial > pub > hg > cubicweb / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
web/box.py
branchstable
changeset 4205 4458c7cc193b
parent 3220 11b6016e3970
child 4212 ab6573088b4a 
--- a/web/box.py	Wed Dec 23 11:57:03 2009 +0100
+++ b/web/box.py	Wed Dec 23 13:05:53 2009 +0100
@@ -190,7 +190,7 @@
         args = {role[0] : entity.eid, target[0] : etarget.eid}
         url = self.user_rql_callback((rql, args))
         # for each target, provide a link to edit the relation
-        label = u'[<a href="%s">%s</a>] %s' % (url, label,
+        label = u'[<a href="%s">%s</a>] %s' % (xml_escape(url), label,
                                                etarget.view('incontext'))
         return RawBoxItem(label, liclass=u'invisible')
cubicweb