Mercurial Mercurial > pub > hg > cubicweb / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
web/box.py
changeset 4094 8b0c6c272ad9
parent 3451 6b46d73823f5
child 4161 4273f5094651 
--- a/web/box.py	Wed Dec 09 18:28:10 2009 +0100
+++ b/web/box.py	Wed Dec 09 14:11:53 2009 +0100
@@ -186,7 +186,7 @@
         args = {role[0] : entity.eid, target[0] : etarget.eid}
         url = self.user_rql_callback((rql, args))
         # for each target, provide a link to edit the relation
-        label = u'[<a href="%s">%s</a>] %s' % (url, label,
+        label = u'[<a href="%s">%s</a>] %s' % (xml_escape(url), label,
                                                etarget.view('incontext'))
         return RawBoxItem(label, liclass=u'invisible')
cubicweb