[Mpuls-commits] r1741 - in wasko/branches/2.0: . mpulsweb/controllers
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Feb 24 12:11:15 CET 2010
Author: bh
Date: 2010-02-24 12:11:14 +0100 (Wed, 24 Feb 2010)
New Revision: 1741
Modified:
wasko/branches/2.0/ChangeLog
wasko/branches/2.0/mpulsweb/controllers/formularpage.py
Log:
* mpulsweb/controllers/formularpage.py (get_rendered_page): Escape
page description when generating HTML
Modified: wasko/branches/2.0/ChangeLog
===================================================================
--- wasko/branches/2.0/ChangeLog 2010-02-24 11:10:10 UTC (rev 1740)
+++ wasko/branches/2.0/ChangeLog 2010-02-24 11:11:14 UTC (rev 1741)
@@ -1,5 +1,10 @@
2010-02-24 Bernhard Herzog <bh at intevation.de>
+ * mpulsweb/controllers/formularpage.py (get_rendered_page): Escape
+ page description when generating HTML
+
+2010-02-24 Bernhard Herzog <bh at intevation.de>
+
* waskaweb/controllers/case_overview.py
(CaseOverviewController._buildCaseList): Escape case fields
properly for HTML.
Modified: wasko/branches/2.0/mpulsweb/controllers/formularpage.py
===================================================================
--- wasko/branches/2.0/mpulsweb/controllers/formularpage.py 2010-02-24 11:10:10 UTC (rev 1740)
+++ wasko/branches/2.0/mpulsweb/controllers/formularpage.py 2010-02-24 11:11:14 UTC (rev 1741)
@@ -2,6 +2,7 @@
import logging
import traceback
+from cgi import escape
import formencode
@@ -75,7 +76,8 @@
defaults = convertErrorItem2ValueDic(page.getErrors())
if page:
- c.formularheader = "<h1>%s</h1>" % page.getMeta().getDescription()
+ c.formularheader = ("<h1>%s</h1>"
+ % escape(page.getMeta().getDescription()))
if isinstance(page, RepeatInstanceContainerNode):
renderer = RepeatGroupRenderer(instance_tree, page,
session.get('render_mode',
More information about the Mpuls-commits
mailing list