# HG changeset patch
# User Sylvain Thénault <sylvain.thenault@logilab.fr>
# Date 1252585059 -7200
# Node ID 2413e5291e8db4b92731a702f36fdaece90ae39b
# Parent  b025592ff47843ea301f4fe46ac3564e61c1a9f3
properly escape site-title

diff -r b025592ff478 -r 2413e5291e8d web/views/basecomponents.py
--- a/web/views/basecomponents.py	Thu Sep 10 12:23:16 2009 +0200
+++ b/web/views/basecomponents.py	Thu Sep 10 14:17:39 2009 +0200
@@ -148,7 +148,7 @@
         title = self.req.property_value('ui.site-title')
         if title:
             self.w(u'<span id="appliName"><a href="%s">%s</a></span>' % (
-                self.req.base_url(), title))
+                self.req.base_url(), xml_escape(title)))
 
 
 class SeeAlsoVComponent(component.RelatedObjectsVComponent):
diff -r b025592ff478 -r 2413e5291e8d web/views/basetemplates.py
--- a/web/views/basetemplates.py	Thu Sep 10 12:23:16 2009 +0200
+++ b/web/views/basetemplates.py	Thu Sep 10 14:17:39 2009 +0200
@@ -441,8 +441,12 @@
         self.req.add_css('cubicweb.login.css')
         self.w(u'<div id="%s" class="%s">' % (id, klass))
         if title:
-            self.w(u'<div id="loginTitle">%s</div>'
-                   % (self.req.property_value('ui.site-title') or u'&#160;'))
+            stitle = self.req.property_value('ui.site-title')
+            if stitle:
+                stitle = xml_escape(stitle)
+            else:
+                stitle = u'&#160;'
+            self.w(u'<div id="loginTitle">%s</div>' % stitle)
         self.w(u'<div id="loginContent">\n')
 
         if message: