[login template] missing xml_escape stable
authorSylvain Thénault <sylvain.thenault@logilab.fr>
Tue, 10 Aug 2010 18:27:02 +0200
branchstable
changeset 6091 560df423149a
parent 6090 887c069d88df
child 6092 ab4958e2654b
child 6093 9001a74fcc82
[login template] missing xml_escape
web/views/basetemplates.py
--- a/web/views/basetemplates.py	Tue Aug 10 18:26:43 2010 +0200
+++ b/web/views/basetemplates.py	Tue Aug 10 18:27:02 2010 +0200
@@ -328,12 +328,9 @@
 
     def call(self, view, **kwargs):
         self.main_header(view)
-        self.w(u'''
-  <div id="stateheader">''')
+        self.w(u'<div id="stateheader">')
         self.state_header()
-        self.w(u'''
-  </div>
-  ''')
+        self.w(u'</div>')
 
     def main_header(self, view):
         """build the top menu with authentification info and the rql box"""
@@ -478,7 +475,7 @@
             self.login_form(id) # Cookie authentication
         self.w(u'</div>')
         if self._cw.https and config.anonymous_user()[0]:
-            path = config['base-url'] + self._cw.relative_path()
+            path = xml_escape(config['base-url'] + self._cw.relative_path())
             self.w(u'<div class="loginMessage"><a href="%s">%s</a></div>\n'
                    % (path, self._cw._('No account? Try public access at %s') % path))
         self.w(u'</div>\n')