if textoutofcontext, we need to html escape stable
authorAurelien Campeas <aurelien.campeas@logilab.fr>
Wed, 27 May 2009 15:54:29 +0200
branchstable
changeset 1971 5e6799e86088
parent 1965 34f57246330d
child 1972 2d015f8fafae
if textoutofcontext, we need to html escape
web/data/cubicweb.edition.js
web/views/basecontrollers.py
--- a/web/data/cubicweb.edition.js	Wed May 27 15:01:19 2009 +0200
+++ b/web/data/cubicweb.edition.js	Wed May 27 15:54:29 2009 +0200
@@ -505,7 +505,7 @@
 	return false;
     }
     d.addCallback(function (result, req) {
-	    handleFormValidationResponse(formid, noop, noop, result);
+        handleFormValidationResponse(formid, noop, noop, result);
 	var fieldview = getNode(divid);
         fieldview.innerHTML = result[2];
 	// switch inline form off only if no error
--- a/web/views/basecontrollers.py	Wed May 27 15:01:19 2009 +0200
+++ b/web/views/basecontrollers.py	Wed May 27 15:54:29 2009 +0200
@@ -14,6 +14,7 @@
 import simplejson
 
 from logilab.common.decorators import cached
+from logilab.mtconverter import html_escape
 
 from cubicweb import NoSelectableObject, ValidationError, ObjectNotFound, typed_eid
 from cubicweb.utils import strptime
@@ -416,6 +417,8 @@
             rset = entity.related(rtype, role)
             if rset:
                 output = self.view(vid, rset)
+                if vid == 'textoutofcontext':
+                    output = html_escape(output)
             else:
                 output = default
             return (success, args, output)
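Review bot: The escaping added under `if vid == 'textoutofcontext':` covers only that one view id, and the `else: output = default` branch still returns `default` unescaped. The JavaScript callback in this same changeset assigns `result[2]` to `fieldview.innerHTML`, and the third element of the tuple returned here appears to be that value, so the browser parses it as HTML. If `default` can come from the request (its origin is outside the hunk, so this needs confirming against the method signature and its callers), it should be escaped too: `output = html_escape(default)`. A comment above the condition, such as `# textoutofcontext yields plain text; other views are expected to return already-escaped HTML`, would record why escaping is keyed on the view id and what any new text-producing view must do. The enclosing method starts outside the hunk.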