missing html_escape 3.0
authorsylvain.thenault@logilab.fr
Thu, 15 Jan 2009 14:39:19 +0100
branch3.0
changeset 432 8a7f619fce96
parent 431 18b4dd650ef8
child 433 95cb5b6e15c6
child 434 915b4c6ffe5e
missing html_escape
web/views/basetemplates.py
--- a/web/views/basetemplates.py	Thu Jan 15 13:27:33 2009 +0100
+++ b/web/views/basetemplates.py	Thu Jan 15 14:39:19 2009 +0100
@@ -194,7 +194,7 @@
         w(u'<div id="pageContent">\n')
         vtitle = self.req.form.get('vtitle')
         if vtitle:
-            w(u'<h1 class="vtitle">%s</h1>\n' % vtitle)
+            w(u'<h1 class="vtitle">%s</h1>\n' % html_escape(vtitle))
             
     def template_footer(self, view=None):
         self.w(u'</div>\n') # close id=contentmain
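Review bot: The `vtitle` heading is written by two copy-pasted blocks (this hunk and the one at line 288), so the escaping has to be remembered at every copy. A single shared method that both templates call, containing `w(u'<h1 class="vtitle">%s</h1>\n' % html_escape(vtitle))`, would keep the output encoding of this request parameter in one place. The diff has no import hunk, so `html_escape` is presumably already imported at the top of basetemplates.py; this is worth confirming, because otherwise the new line raises NameError only when a request carries `vtitle`. The enclosing method starts above the hunk, so any other `self.req.form` values it writes are not visible here and deserve the same check.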
@@ -288,7 +288,7 @@
         w(u'<div id="pageContent">\n')
         vtitle = self.req.form.get('vtitle')
         if vtitle:
-            w(u'<h1 class="vtitle">%s</h1>' % (vtitle))
+            w(u'<h1 class="vtitle">%s</h1>' % html_escape(vtitle))
             
     def topleft_header(self):
         self.w(u'<table id="header"><tr>\n')
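Review bot: `html_escape(vtitle)` assumes that `self.req.form.get('vtitle')` returns a single string. If the form mapping can hold a list when the parameter is repeated in the request (not visible in this hunk), the call would receive a non-string and would probably fail rather than render a title. A guard such as `if isinstance(vtitle, basestring):` before writing the heading, or explicitly taking the first value, would make the behaviour defined. The two copies also differ in the trailing `\n` after `</h1>`, which is harmless but worth aligning.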