[Mpuls-commits] r1740 - in wasko/branches/2.0: . waskaweb/controllers
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Feb 24 12:10:11 CET 2010
Author: bh
Date: 2010-02-24 12:10:10 +0100 (Wed, 24 Feb 2010)
New Revision: 1740
Modified:
wasko/branches/2.0/ChangeLog
wasko/branches/2.0/waskaweb/controllers/case_overview.py
Log:
* waskaweb/controllers/case_overview.py
(CaseOverviewController._buildCaseList): Escape case fields
properly for HTML.
Modified: wasko/branches/2.0/ChangeLog
===================================================================
--- wasko/branches/2.0/ChangeLog 2010-02-24 10:58:53 UTC (rev 1739)
+++ wasko/branches/2.0/ChangeLog 2010-02-24 11:10:10 UTC (rev 1740)
@@ -1,5 +1,11 @@
2010-02-24 Bernhard Herzog <bh at intevation.de>
+ * waskaweb/controllers/case_overview.py
+ (CaseOverviewController._buildCaseList): Escape case fields
+ properly for HTML.
+
+2010-02-24 Bernhard Herzog <bh at intevation.de>
+
* mpulsweb/lib/renderer.py (ViewRenderer._renderText)
(ViewRenderer._renderDate, ViewRenderer._renderInt)
(ViewRenderer._renderRadio, ViewRenderer._renderPlainBool)
Modified: wasko/branches/2.0/waskaweb/controllers/case_overview.py
===================================================================
--- wasko/branches/2.0/waskaweb/controllers/case_overview.py 2010-02-24 10:58:53 UTC (rev 1739)
+++ wasko/branches/2.0/waskaweb/controllers/case_overview.py 2010-02-24 11:10:10 UTC (rev 1740)
@@ -30,6 +30,7 @@
import re
import logging
+from cgi import escape
import formencode
import paste
@@ -574,8 +575,8 @@
def _buildCaseList(self, bundle):
list = ["<ul>"]
for case in bundle.getCases():
- list.append("<li>%s, %s</li>" % (F.NA(case.first_name),
- F.NA(case.last_name)))
+ list.append("<li>%s, %s</li>" % (escape(F.NA(case.first_name)),
+ escape(F.NA(case.last_name))))
list.append("</ul>")
return list
More information about the Mpuls-commits
mailing list