--- a/web/views/basecomponents.py Thu Sep 10 12:23:16 2009 +0200
+++ b/web/views/basecomponents.py Thu Sep 10 14:17:39 2009 +0200
@@ -148,7 +148,7 @@
title = self.req.property_value('ui.site-title')
if title:
self.w(u'<span id="appliName"><a href="%s">%s</a></span>' % (
- self.req.base_url(), title))
+ self.req.base_url(), xml_escape(title)))
class SeeAlsoVComponent(component.RelatedObjectsVComponent):
--- a/web/views/basetemplates.py Thu Sep 10 12:23:16 2009 +0200
+++ b/web/views/basetemplates.py Thu Sep 10 14:17:39 2009 +0200
@@ -441,8 +441,12 @@
self.req.add_css('cubicweb.login.css')
self.w(u'<div id="%s" class="%s">' % (id, klass))
if title:
- self.w(u'<div id="loginTitle">%s</div>'
- % (self.req.property_value('ui.site-title') or u' '))
+ stitle = self.req.property_value('ui.site-title')
+ if stitle:
+ stitle = xml_escape(stitle)
+ else:
+ stitle = u' '
+ self.w(u'<div id="loginTitle">%s</div>' % stitle)
self.w(u'<div id="loginContent">\n')
if message: