author | Denis Laxalde <denis.laxalde@logilab.fr> |
Thu, 11 Sep 2014 15:17:08 +0200 | |
changeset 10033 | b3a1d15965d9 |
parent 10032 | fd1dafb0ab10 |
child 10034 | 7d0acf9cb92a |
--- a/web/views/cwuser.py Thu Sep 25 10:50:23 2014 +0200 +++ b/web/views/cwuser.py Thu Sep 11 15:17:08 2014 +0200 @@ -160,7 +160,8 @@ def entity_call(self, entity, **kwargs): entity.complete() self.w(u'<a href="%s" class="%s">%s</a>' % ( - entity.absolute_url(), entity.name, entity.printable_value('name'))) + entity.absolute_url(), xml_escape(entity.name), + entity.printable_value('name'))) # user / groups management views ###############################################