cubicweb: changeset 4094:8b0c6c272ad9

Mercurial Mercurial > pub > hg > cubicweb / changeset

author	Pierre-Yves David <pierre-yves.david@logilab.fr>
	Wed, 09 Dec 2009 14:11:53 +0100
changeset 4094	8b0c6c272ad9
parent 4093	61b482fe826a
child 4099	59ff385f7348

fix non-xml_escaped url in box

web/box.py

file | annotate | diff | comparison | revisions

--- a/web/box.py	Wed Dec 09 18:28:10 2009 +0100
+++ b/web/box.py	Wed Dec 09 14:11:53 2009 +0100
@@ -186,7 +186,7 @@
         args = {role[0] : entity.eid, target[0] : etarget.eid}
         url = self.user_rql_callback((rql, args))
         # for each target, provide a link to edit the relation
-        label = u'[<a href="%s">%s</a>] %s' % (url, label,
+        label = u'[<a href="%s">%s</a>] %s' % (xml_escape(url), label,
                                                etarget.view('incontext'))
         return RawBoxItem(label, liclass=u'invisible')

cubicweb

RSS Atom