branch | stable |
changeset 4205 | 4458c7cc193b |
parent 3220 | 11b6016e3970 |
child 4212 | ab6573088b4a |
--- a/web/box.py Wed Dec 23 11:57:03 2009 +0100 +++ b/web/box.py Wed Dec 23 13:05:53 2009 +0100 @@ -190,7 +190,7 @@ args = {role[0] : entity.eid, target[0] : etarget.eid} url = self.user_rql_callback((rql, args)) # for each target, provide a link to edit the relation - label = u'[<a href="%s">%s</a>] %s' % (url, label, + label = u'[<a href="%s">%s</a>] %s' % (xml_escape(url), label, etarget.view('incontext')) return RawBoxItem(label, liclass=u'invisible')