| author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
| Wed, 23 Dec 2009 13:05:53 +0100 | |
| branch | stable |
| changeset 4205 | 4458c7cc193b |
| parent 4203 | e972fc306719 |
| child 4206 | cebdf8ee5ad7 |
| web/box.py | file | annotate | diff | comparison | revisions |
--- a/web/box.py Wed Dec 23 11:57:03 2009 +0100 +++ b/web/box.py Wed Dec 23 13:05:53 2009 +0100 @@ -190,7 +190,7 @@ args = {role[0] : entity.eid, target[0] : etarget.eid} url = self.user_rql_callback((rql, args)) # for each target, provide a link to edit the relation - label = u'[<a href="%s">%s</a>] %s' % (url, label, + label = u'[<a href="%s">%s</a>] %s' % (xml_escape(url), label, etarget.view('incontext')) return RawBoxItem(label, liclass=u'invisible')