# HG changeset patch # User Sylvain Thénault # Date 1246966004 -7200 # Node ID af4d8f75c5db274e643240abd632054b862e9b1e # Parent f178182b13052bda58ff0ae309d58c588097877e use xml_escape diff -r f178182b1305 -r af4d8f75c5db common/uilib.py --- a/common/uilib.py Tue Jul 07 13:25:24 2009 +0200 +++ b/common/uilib.py Tue Jul 07 13:26:44 2009 +0200 @@ -15,7 +15,7 @@ from urllib import quote as urlquote from StringIO import StringIO -from logilab.mtconverter import html_escape, html_unescape +from logilab.mtconverter import xml_escape, html_unescape from cubicweb.utils import ustrftime @@ -66,7 +66,7 @@ except ImportError: def rest_publish(entity, data): """default behaviour if docutils was not found""" - return html_escape(data) + return xml_escape(data) TAG_PROG = re.compile(r'', re.U) def remove_html_tags(text): @@ -108,7 +108,7 @@ if len(text_nohtml) <= length: return text # else if un-tagged text is too long, cut it - return html_escape(text_nohtml[:length] + u'...') + return xml_escape(text_nohtml[:length] + u'...') fallback_safe_cut = safe_cut @@ -220,12 +220,12 @@ attrs['class'] = attrs.pop('klass') except KeyError: pass - value += u' ' + u' '.join(u'%s="%s"' % (attr, html_escape(unicode(value))) + value += u' ' + u' '.join(u'%s="%s"' % (attr, xml_escape(unicode(value))) for attr, value in sorted(attrs.items()) if value is not None) if content: if escapecontent: - content = html_escape(unicode(content)) + content = xml_escape(unicode(content)) value += u'>%s' % (content, tag) else: value += u'/>' @@ -406,9 +406,9 @@ strings.append(body) strings.append(u'') if title: - strings.append(u'

%s

'% html_escape(title)) + strings.append(u'

%s

'% xml_escape(title)) try: - strings.append(u'

%s

' % html_escape(str(exception)).replace("\n","
")) + strings.append(u'

%s

' % xml_escape(str(exception)).replace("\n","
")) except UnicodeError: pass strings.append(u'
') @@ -416,9 +416,9 @@ strings.append(u'File %s, line ' u'%s, function ' u'%s:
'%( - html_escape(stackentry[0]), stackentry[1], html_escape(stackentry[2]))) + xml_escape(stackentry[0]), stackentry[1], xml_escape(stackentry[2]))) if stackentry[3]: - string = html_escape(stackentry[3]).decode('utf-8', 'replace') + string = xml_escape(stackentry[3]).decode('utf-8', 'replace') strings.append(u'  %s
\n' % (string)) # add locals info for each entry try: @@ -426,7 +426,7 @@ html_info = [] chars = 0 for name, value in local_context.iteritems(): - value = html_escape(repr(value)) + value = xml_escape(repr(value)) info = u'%s=%s, ' % (name, value) line_length = len(name) + len(value) chars += line_length @@ -491,5 +491,5 @@ def newfunc(*args, **kwargs): ret = function(*args, **kwargs) assert isinstance(ret, basestring) - return html_escape(ret) + return xml_escape(ret) return newfunc diff -r f178182b1305 -r af4d8f75c5db entity.py --- a/entity.py Tue Jul 07 13:25:24 2009 +0200 +++ b/entity.py Tue Jul 07 13:26:44 2009 +0200 @@ -13,7 +13,7 @@ from logilab.common.compat import all from logilab.common.decorators import cached from logilab.common.deprecation import obsolete -from logilab.mtconverter import TransformData, TransformError, html_escape +from logilab.mtconverter import TransformData, TransformError, xml_escape from rql.utils import rqlvar_maker @@ -456,7 +456,7 @@ return u'' value = printable_value(self.req, attrtype, value, props, displaytime) if format == 'text/html': - value = html_escape(value) + value = xml_escape(value) return value def mtc_transform(self, data, format, target_format, encoding, diff -r f178182b1305 -r af4d8f75c5db ext/html4zope.py --- a/ext/html4zope.py Tue Jul 07 13:25:24 2009 +0200 +++ b/ext/html4zope.py Tue Jul 07 13:26:44 2009 +0200 @@ -24,7 +24,7 @@ __docformat__ = 'reStructuredText' -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from docutils import nodes from docutils.writers.html4css1 import Writer as CSS1Writer @@ -154,7 +154,7 @@ error = u'System Message: %s%s/%s%s (%s %s)%s

\n' % ( a_start, node['type'], node['level'], a_end, self.encode(node['source']), line, backref_text) - self.body.append(u'
ReST / HTML errors:%s
' % html_escape(error)) + self.body.append(u'
ReST / HTML errors:%s
' % xml_escape(error)) def depart_system_message(self, node): pass diff -r f178182b1305 -r af4d8f75c5db ext/rest.py --- a/ext/rest.py Tue Jul 07 13:25:24 2009 +0200 +++ b/ext/rest.py Tue Jul 07 13:26:44 2009 +0200 @@ -29,7 +29,7 @@ from docutils.parsers.rst import Parser, states, directives from docutils.parsers.rst.roles import register_canonical_role, set_classes -from logilab.mtconverter import ESC_UCAR_TABLE, ESC_CAR_TABLE, html_escape +from logilab.mtconverter import ESC_UCAR_TABLE, ESC_CAR_TABLE, xml_escape from cubicweb.ext.html4zope import Writer @@ -236,5 +236,5 @@ LOGGER.exception('error while publishing ReST text') if not isinstance(data, unicode): data = unicode(data, encoding, 'replace') - return html_escape(req._('error while publishing ReST text') + return xml_escape(req._('error while publishing ReST text') + '\n\n' + data) diff -r f178182b1305 -r af4d8f75c5db goa/appobjects/components.py --- a/goa/appobjects/components.py Tue Jul 07 13:25:24 2009 +0200 +++ b/goa/appobjects/components.py Tue Jul 07 13:26:44 2009 +0200 @@ -7,7 +7,7 @@ """ __docformat__ = "restructuredtext en" -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb import typed_eid from cubicweb.selectors import one_line_rset, match_search_state, accept @@ -74,7 +74,7 @@ label = display_name(req, etype, 'plural') view = self.vreg.select_view('list', req, req.etype_rset(etype)) url = view.url() - etypelink = u' %s' % (html_escape(url), label) + etypelink = u' %s' % (xml_escape(url), label) yield (label, etypelink, self.add_entity_link(eschema, req)) ManageView.entity_types = entity_types_no_count diff -r f178182b1305 -r af4d8f75c5db goa/appobjects/dbmgmt.py --- a/goa/appobjects/dbmgmt.py Tue Jul 07 13:25:24 2009 +0200 +++ b/goa/appobjects/dbmgmt.py Tue Jul 07 13:26:44 2009 +0200 
@@ -12,7 +12,7 @@ from pickle import loads, dumps from logilab.common.decorators import cached -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb.selectors import none_rset, match_user_groups from cubicweb.common.view import StartupView @@ -54,7 +54,7 @@ break values.append('__session=%s' % cookie['__session'].value) self.w(u"

pass this flag to the client: --cookie='%s'

" - % html_escape('; '.join(values))) + % xml_escape('; '.join(values))) @@ -148,7 +148,7 @@ % cpath) self.w(u'
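Review bot: The `@@ -54,7 +54,7 @@` hunk of goa/appobjects/dbmgmt.py writes the `__session` cookie value into the page body, and `xml_escape` only protects the markup, not the credential. Once it is in rendered HTML it can be cached by intermediaries, stored in browser history snapshots and read by any script running on the page. If the view must keep printing it, I would document the constraint next to the `self.w(...)` call, `# XXX exposes the session cookie: keep this view restricted to managers and send it with no-store caching`. The file imports `match_user_groups`, so a group restriction probably exists, but the selector is outside the hunk.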
click here to ' 'delete all datastore content so process can be ' - 'reinitialized
' % html_escape(self.req.base_url())) + 'reinitialized
' % xml_escape(self.req.base_url())) Put(status) @property @@ -159,11 +159,11 @@ repo=self.config.repository()) def msg(self, msg): - self.w(u'
%s
' % html_escape(msg)) + self.w(u'
%s
' % xml_escape(msg)) def redirect(self, msg): raise Redirect(self.req.build_url('', msg)) def continue_link(self): - self.w(u'continue
' % html_escape(self.req.url())) + self.w(u'continue
' % xml_escape(self.req.url())) class ContentClear(StartupView): diff -r f178182b1305 -r af4d8f75c5db view.py --- a/view.py Tue Jul 07 13:25:24 2009 +0200 +++ b/view.py Tue Jul 07 13:26:44 2009 +0200 @@ -12,7 +12,7 @@ from cStringIO import StringIO from logilab.common.deprecation import obsolete -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb import NotAnEntity from cubicweb.selectors import yes, non_final_entity, nonempty_rset, none_rset @@ -219,7 +219,7 @@ def wdata(self, data): """simple helper that escapes `data` and writes into `self.w`""" - self.w(html_escape(data)) + self.w(xml_escape(data)) def html_headers(self): """return a list of html headers (eg something to be inserted between @@ -440,10 +440,10 @@ def cb(*args): _cb(*args) cbname = self.req.register_onetime_callback(cb, *args) - return self.build_js(cbname, html_escape(msg or '')) + return self.build_js(cbname, xml_escape(msg or '')) def build_update_js_call(self, cbname, msg): - rql = html_escape(self.rset.printable_rql()) + rql = xml_escape(self.rset.printable_rql()) return "javascript:userCallbackThenUpdateUI('%s', '%s', '%s', '%s', '%s', '%s')" % ( cbname, self.id, rql, msg, self.__registry__, self.div_id()) diff -r f178182b1305 -r af4d8f75c5db web/box.py --- a/web/box.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/box.py Tue Jul 07 13:26:44 2009 +0200 @@ -8,7 +8,7 @@ __docformat__ = "restructuredtext en" _ = unicode -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb import Unauthorized, role as get_role, target as get_target from cubicweb.selectors import (one_line_rset, primary_view, @@ -74,7 +74,7 @@ .format_actions method """ if escape: - title = html_escape(title) + title = xml_escape(title) return self.box_action(self._action(title, path, **kwargs)) def _action(self, title, path, **kwargs): diff -r f178182b1305 -r af4d8f75c5db web/component.py 
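Review bot: In the `@@ -440,10 +440,10 @@` hunk of view.py, `rql` and `msg` are XML-escaped and then placed between single quotes inside a `javascript:` URL, which is the wrong encoding for a JavaScript string literal. If the result ends up in an HTML attribute, the parser turns character references back into raw quotes before the script is evaluated, and backslashes and newlines are not handled at all, so a quote in the RQL or message terminates the string. Other hunks in this changeset already encode for JavaScript first and for the attribute second, e.g. `xml_escape(dumps(entity.eid))`. The same shape here would be `rql = xml_escape(dumps(self.rset.printable_rql()))`, with the quotes removed around that `%s` in the template and `msg` treated the same way in the caller. This needs a `dumps` import that is not visible in view.py's import hunk.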
--- a/web/component.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/component.py Tue Jul 07 13:26:44 2009 +0200 @@ -9,7 +9,7 @@ _ = unicode from logilab.common.deprecation import class_renamed -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb import role from cubicweb.utils import merge_dicts @@ -117,7 +117,7 @@ def page_link(self, path, params, start, stop, content): url = self.build_url(path, **merge_dicts(params, {self.start_param : start, self.stop_param : stop,})) - url = html_escape(url) + url = xml_escape(url) if start == self.starting_from: return self.selected_page_link_templ % (url, content, content) return self.page_link_templ % (url, content, content) @@ -130,7 +130,7 @@ stop = start + self.page_size - 1 url = self.build_url(**merge_dicts(params, {self.start_param : start, self.stop_param : stop,})) - url = html_escape(url) + url = xml_escape(url) return self.previous_page_link_templ % (url, title, content) def next_link(self, params, content='>>', title=_('next_results')): @@ -140,7 +140,7 @@ stop = start + self.page_size - 1 url = self.build_url(**merge_dicts(params, {self.start_param : start, self.stop_param : stop,})) - url = html_escape(url) + url = xml_escape(url) return self.next_page_link_templ % (url, title, content) diff -r f178182b1305 -r af4d8f75c5db web/facet.py --- a/web/facet.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/facet.py Tue Jul 07 13:26:44 2009 +0200 @@ -12,7 +12,7 @@ from copy import deepcopy from datetime import date, datetime, timedelta -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from logilab.common.graph import has_path from logilab.common.decorators import cached @@ -71,7 +71,7 @@ def filter_hiddens(w, **kwargs): for key, val in kwargs.items(): w(u'' % ( - key, html_escape(val))) + key, xml_escape(val))) def _may_be_removed(rel, schema, mainvar): 
@@ -587,11 +587,11 @@ self.items.append(item) def _render(self): - title = html_escape(self.facet.title) - facetid = html_escape(self.facet.id) + title = xml_escape(self.facet.title) + facetid = xml_escape(self.facet.id) self.w(u'
\n' % facetid) self.w(u'
%s
\n' % - (html_escape(facetid), title)) + (xml_escape(facetid), title)) if self.facet.support_and(): _ = self.facet.req._ self.w(u''' ''' % (not self.propval('visible') and 'hidden' or '', - self.build_url('view'), html_escape(rql), req._('full text or RQL query'), req.next_tabindex(), + self.build_url('view'), xml_escape(rql), req._('full text or RQL query'), req.next_tabindex(), req.next_tabindex())) if self.req.search_state[0] != 'normal': self.w(u'' @@ -202,7 +202,7 @@ url = self.build_url(rql=newrql, __restrrql=restrrql, __restrtype=etype, __restrtypes=','.join(restrtypes)) html.append(u'%s' % ( - html_escape(url), elabel)) + xml_escape(url), elabel)) rqlst.recover() if on_etype: url = self.build_url(rql=restrrql) diff -r f178182b1305 -r af4d8f75c5db web/views/basecontrollers.py --- a/web/views/basecontrollers.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/views/basecontrollers.py Tue Jul 07 13:26:44 2009 +0200 @@ -15,7 +15,7 @@ import simplejson from logilab.common.decorators import cached -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb import NoSelectableObject, ValidationError, ObjectNotFound, typed_eid from cubicweb.utils import strptime @@ -411,7 +411,7 @@ if rset: output = self.view(vid, rset) if vid == 'textoutofcontext': - output = html_escape(output) + output = xml_escape(output) else: output = default return (success, args, output) diff -r f178182b1305 -r af4d8f75c5db web/views/baseforms.py --- a/web/views/baseforms.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/views/baseforms.py Tue Jul 07 13:26:44 2009 +0200 @@ -12,7 +12,7 @@ from simplejson import dumps -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from logilab.common.decorators import cached from cubicweb.selectors import (specified_etype_implements, accepts_etype_compat, 
@@ -148,7 +148,7 @@ output = [] for name, value, iid in self._hiddens: if isinstance(value, basestring): - value = html_escape(value) + value = xml_escape(value) if iid: output.append(u'' % (iid, name, value)) @@ -249,14 +249,14 @@ w(u'[x]' % (_('cancel this insert'), row[2])) w(u'%s' - % (row[1], row[4], html_escape(row[5]))) + % (row[1], row[4], xml_escape(row[5]))) w(u'') w(u'') w(u'' % eid) w(u'') w(u'%s' % _('add relation')) w(u'
""" % (hidden and 'hidden' or '', divid, selectid, - html_escape(dumps(entity.eid)), is_cell and 'true' or 'null', relname, + xml_escape(dumps(entity.eid)), is_cell and 'true' or 'null', relname, '\n'.join(options)) def _get_select_options(self, entity, rschema, target): @@ -127,13 +127,13 @@ for eview, reid in form.form_field_vocabulary(field, limit): if reid is None: options.append('' - % html_escape(eview)) + % xml_escape(eview)) else: optionid = relation_id(eid, rtype, target, reid) if optionid not in pending_inserts: # prefix option's id with letters to make valid XHTML wise options.append('' % - (optionid, reid, html_escape(eview))) + (optionid, reid, xml_escape(eview))) return options def _get_search_options(self, entity, rschema, target, targettypes): @@ -146,7 +146,7 @@ __mode=mode) options.append((eschema.display_name(self.req), '' % ( - html_escape(url), _('Search for'), eschema.display_name(self.req)))) + xml_escape(url), _('Search for'), eschema.display_name(self.req)))) return [o for l, o in sorted(options)] def _get_basket_options(self, entity, rschema, target, targettypes): @@ -157,7 +157,7 @@ target, targettypes): optionid = relation_id(entity.eid, rtype, target, basketeid) options.append('' % ( - optionid, basketeid, _('link to each item in'), html_escape(basketname))) + optionid, basketeid, _('link to each item in'), xml_escape(basketname))) return options def _get_basket_links(self, ueid, target, targettypes): diff -r f178182b1305 -r af4d8f75c5db web/views/emailaddress.py --- a/web/views/emailaddress.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/views/emailaddress.py Tue Jul 07 13:26:44 2009 +0200 @@ -7,7 +7,7 @@ """ __docformat__ = "restructuredtext en" -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb.schema import display_name from cubicweb.selectors import implements 
@@ -80,9 +80,9 @@ if entity.reverse_primary_email: self.w(u'') if entity.alias: - self.w(u'%s <' % html_escape(entity.alias)) - self.w('%s' % (html_escape(entity.absolute_url()), - html_escape(entity.display_address()))) + self.w(u'%s <' % xml_escape(entity.alias)) + self.w('%s' % (xml_escape(entity.absolute_url()), + xml_escape(entity.display_address()))) if entity.alias: self.w(u'>\n') if entity.reverse_primary_email: @@ -109,8 +109,8 @@ mailto = "mailto:%s <%s>" % (alias, entity.display_address()) else: mailto = "mailto:%s" % entity.display_address() - self.w(u'%s' % (html_escape(mailto), - html_escape(entity.display_address()))) + self.w(u'%s' % (xml_escape(mailto), + xml_escape(entity.display_address()))) if entity.reverse_primary_email: self.w(u'') diff -r f178182b1305 -r af4d8f75c5db web/views/facets.py --- a/web/views/facets.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/views/facets.py Tue Jul 07 13:26:44 2009 +0200 @@ -9,7 +9,7 @@ from simplejson import dumps -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb.vregistry import objectify_selector from cubicweb.selectors import (non_final_entity, two_lines_rset, @@ -85,7 +85,7 @@ self.displayBookmarkLink(rset) w = self.w w(u'
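Review bot: In the `@@ -109,8 +109,8 @@` hunk of web/views/emailaddress.py the `mailto:` URL is assembled from `alias` and `entity.display_address()` and only XML-escaped, so the value is safe as an attribute but not as a URL. Characters such as `?`, `&` or `%` in an alias would be interpreted as mailto header fields or broken percent-escapes by the mail client. The address part should be percent-encoded before the scheme is prepended, for example `mailto = "mailto:%s" % urlquote(("%s <%s>" % (alias, entity.display_address())).encode('utf-8'))`, and then passed through `xml_escape` as now. `urlquote` is the alias common/uilib.py already uses for `urllib.quote`; it would need importing in this file.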
' % ( - divid, html_escape(dumps([divid, vid, paginate, self.facetargs()])))) + divid, xml_escape(dumps([divid, vid, paginate, self.facetargs()])))) w(u'
') hiddens = {'facets': ','.join(wdg.facet.id for wdg in widgets), 'baserql': baserql} @@ -110,8 +110,8 @@ bk_add_url = self.build_url('add/Bookmark', path=bk_path, title=bk_title, __linkto=linkto) bk_base_url = self.build_url('add/Bookmark', title=bk_title, __linkto=linkto) bk_link = u'%s' % ( - html_escape(bk_base_url), - html_escape(bk_add_url), + xml_escape(bk_base_url), + xml_escape(bk_add_url), self.req._('bookmark this search')) self.w(self.bkLinkBox_template % bk_link) diff -r f178182b1305 -r af4d8f75c5db web/views/formrenderers.py --- a/web/views/formrenderers.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/views/formrenderers.py Tue Jul 07 13:26:44 2009 +0200 @@ -8,7 +8,7 @@ __docformat__ = "restructuredtext en" from logilab.common import dictattr -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from simplejson import dumps @@ -144,17 +144,17 @@ else: action = form.action tag = ('' def display_field(self, form, field): @@ -298,7 +298,7 @@ entity = form.edited_entity values = form.form_previous_values qeid = eid_param('eid', entity.eid) - cbsetstate = "setCheckboxesState2('eid', %s, 'checked')" % html_escape(dumps(entity.eid)) + cbsetstate = "setCheckboxesState2('eid', %s, 'checked')" % xml_escape(dumps(entity.eid)) w(u'' % (entity.row % 2 and u'even' or u'odd')) # XXX turn this into a widget used on the eid field w(u'%s' % checkbox('eid', entity.eid, checked=qeid in values)) @@ -411,7 +411,7 @@ w(u'[x]' % (_('cancel this insert'), row[2])) w(u'%s' - % (row[1], row[4], html_escape(row[5]))) + % (row[1], row[4], xml_escape(row[5]))) w(u'') w(u'') w(u'' % eid) @@ -419,7 +419,7 @@ w(u'%s' % _('add relation')) w(u'' % divid) filter_hiddens(self.w, facets=','.join(wdg.facet.id for wdg in fwidgets), baserql=baserql) 
@@ -178,7 +178,7 @@ box = MenuWidget('', 'tableActionsBox', _class='', islist=False) label = '%s' % ( self.req.datadir_url + 'liveclipboard-icon.png', - html_escape(self.req._('action(s) on this selection'))) + xml_escape(self.req._('action(s) on this selection'))) menu = PopupBoxMenu(label, isitem=False, link_class='actionsBox', ident='%sActions' % divid) box.append(menu) diff -r f178182b1305 -r af4d8f75c5db web/views/tabs.py --- a/web/views/tabs.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/views/tabs.py Tue Jul 07 13:26:44 2009 +0200 @@ -8,7 +8,7 @@ __docformat__ = "restructuredtext en" -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb import NoSelectableObject, role from cubicweb.selectors import partial_has_related_entities @@ -47,7 +47,7 @@ elif rset: urlparams['rql'] = rset.printable_rql() w(u'
' % ( - vid, html_escape(self.build_url('json', **urlparams)))) + vid, xml_escape(self.build_url('json', **urlparams)))) if show_spinbox: w(u'%s' % (vid, self.req._('loading'))) diff -r f178182b1305 -r af4d8f75c5db web/views/timeline.py --- a/web/views/timeline.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/views/timeline.py Tue Jul 07 13:26:44 2009 +0200 @@ -11,7 +11,7 @@ import simplejson -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb.interfaces import ICalendarable from cubicweb.selectors import implements @@ -68,7 +68,7 @@ if start is None and stop is None: return None event_data = {'start': start.strftime(self.date_fmt), - 'title': html_escape(entity.dc_title()), + 'title': xml_escape(entity.dc_title()), 'description': entity.dc_description(format='text/html'), 'link': entity.absolute_url(), } @@ -95,7 +95,7 @@ additional = u'' self.w(u'
' % - (self.widget_class, html_escape(loadurl), + (self.widget_class, xml_escape(loadurl), additional)) self.w(u'
') diff -r f178182b1305 -r af4d8f75c5db web/views/timetable.py --- a/web/views/timetable.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/views/timetable.py Tue Jul 07 13:26:44 2009 +0200 @@ -6,7 +6,7 @@ :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses """ -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb.interfaces import ITimetableViews from cubicweb.selectors import implements @@ -190,7 +190,7 @@ if value: task_descr, first_row = value if first_row: - url = html_escape(task_descr.task.absolute_url(vid="edition")) + url = xml_escape(task_descr.task.absolute_url(vid="edition")) self.w(u' 
' % ( task_descr.lines, task_descr.color, filled_klasses[kj], url)) task_descr.task.view('tooltip', w=self.w) diff -r f178182b1305 -r af4d8f75c5db web/views/treeview.py --- a/web/views/treeview.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/views/treeview.py Tue Jul 07 13:26:44 2009 +0200 @@ -8,7 +8,7 @@ __docformat__ = "restructuredtext en" from logilab.common.decorators import monkeypatch -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb.utils import make_uid from cubicweb.interfaces import ITree @@ -113,7 +113,7 @@ w(u'
  • ' % u' '.join(liclasses)) else: rql = entity.children_rql() % {'x': entity.eid} - url = html_escape(self.build_url('json', rql=rql, vid=parentvid, + url = xml_escape(self.build_url('json', rql=rql, vid=parentvid, pageid=self.req.pageid, treeid=treeid, fname='view', diff -r f178182b1305 -r af4d8f75c5db web/views/workflow.py --- a/web/views/workflow.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/views/workflow.py Tue Jul 07 13:26:44 2009 +0200 @@ -11,7 +11,7 @@ __docformat__ = "restructuredtext en" _ = unicode -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from logilab.common.graph import escape, GraphGenerator, DotBackend from cubicweb import Unauthorized, view @@ -119,7 +119,7 @@ __select__ = implements('State') def cell_call(self, row, col): - self.w(html_escape(self.view('textincontext', self.rset, + self.w(xml_escape(self.view('textincontext', self.rset, row=row, col=col))) @@ -146,8 +146,8 @@ self.w(u'

    %s

    ' % (self.req._('workflow for %s') % display_name(self.req, entity.name))) self.w(u'%s' % ( - html_escape(entity.absolute_url(vid='ewfgraph')), - html_escape(self.req._('graphical workflow for %s') % entity.name))) + xml_escape(entity.absolute_url(vid='ewfgraph')), + xml_escape(self.req._('graphical workflow for %s') % entity.name))) class WorkflowDotPropsHandler(object): diff -r f178182b1305 -r af4d8f75c5db web/views/xbel.py --- a/web/views/xbel.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/views/xbel.py Tue Jul 07 13:26:44 2009 +0200 @@ -8,7 +8,7 @@ __docformat__ = "restructuredtext en" _ = unicode -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from cubicweb.selectors import implements from cubicweb.view import EntityView @@ -42,8 +42,8 @@ def cell_call(self, row, col): entity = self.complete_entity(row, col) - self.w(u'' % html_escape(self.url(entity))) - self.w(u' %s' % html_escape(entity.dc_title())) + self.w(u'' % xml_escape(self.url(entity))) + self.w(u' %s' % xml_escape(entity.dc_title())) self.w(u'') def url(self, entity): diff -r f178182b1305 -r af4d8f75c5db web/widgets.py --- a/web/widgets.py Tue Jul 07 13:25:24 2009 +0200 +++ b/web/widgets.py Tue Jul 07 13:26:44 2009 +0200 @@ -12,7 +12,7 @@ from datetime import datetime -from logilab.mtconverter import html_escape +from logilab.mtconverter import xml_escape from yams.constraints import SizeConstraint, StaticVocabularyConstraint @@ -247,9 +247,9 @@ value = self.current_value(entity) dvalue = self.current_display_value(entity) if isinstance(value, basestring): - value = html_escape(value) + value = xml_escape(value) if isinstance(dvalue, basestring): - dvalue = html_escape(dvalue) + dvalue = xml_escape(dvalue) return u'%s' % ( self.hidden_input(entity, value), self.input_type, self.rname, dvalue, self.format_attrs()) 
@@ -323,9 +323,9 @@ value = self.current_value(entity) dvalue = self.current_display_value(entity) if isinstance(value, basestring): - value = html_escape(value) + value = xml_escape(value) if isinstance(dvalue, basestring): - dvalue = html_escape(dvalue) + dvalue = xml_escape(dvalue) iid = self.attrs.pop('id') if self.required(entity): cssclass = u' required' @@ -337,7 +337,7 @@ 'iid': iid, 'hidden': self.hidden_input(entity, value), 'wdgtype': self.wdgtype, - 'url': html_escape(dataurl), + 'url': xml_escape(dataurl), 'tabindex': self.attrs.pop('tabindex'), 'value': dvalue, 'attrs': self.format_attrs(), @@ -398,7 +398,7 @@ editor = self._edit_render_textarea(entity, with_format) value = self.current_value(entity) if isinstance(value, basestring): - value = html_escape(value) + value = xml_escape(value) return u'%s%s' % (self.hidden_input(entity, value), editor) def _edit_render_textarea(self, entity, with_format): @@ -406,7 +406,7 @@ self.attrs.setdefault('rows', 20) dvalue = self.current_display_value(entity) if isinstance(dvalue, basestring): - dvalue = html_escape(dvalue) + dvalue = xml_escape(dvalue) if entity.use_fckeditor(self.name): entity.req.fckeditor_config() if with_format: @@ -472,9 +472,9 @@ or entity.e_schema.has_metadata(self.name, 'encoding')): divid = '%s-%s-advanced' % (self.name, entity.eid) wdgs.append(u'%s' % - (html_escape(toggle_action(divid)), + (xml_escape(toggle_action(divid)), req._('show advanced fields'), - html_escape(req.build_url('data/puce_down.png')), + xml_escape(req.build_url('data/puce_down.png')), req._('show advanced fields'))) wdgs.append(u'