[primary] Fix visualization of dc_title, see #3295949
authorDimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
Thu, 14 Nov 2013 13:29:08 +0000
changeset 440 d614eaa166b0
parent 439 107a55cdb2db
child 441 e34052b60371
[primary] Fix visualization of dc_title, see #3295949 It may contain the '<sanitized>' string which needs to be escaped.
views/primary.py
--- a/views/primary.py	Thu Nov 14 13:27:54 2013 +0000
+++ b/views/primary.py	Thu Nov 14 13:29:08 2013 +0000
@@ -17,6 +17,7 @@
 # with this program. If not, see <http://www.gnu.org/licenses/>.
 
 """cubicweb-suivimp views/forms/actions/components for web ui"""
+from logilab.mtconverter import xml_escape
 from cubicweb.selectors import is_instance
 from cubicweb.web.views.primary import PrimaryView
 
@@ -54,7 +55,7 @@
         w = self.w
         w(u'<div class="well">')
         w(u'<div class="page-header">')
-        w(u'<h2>%s</h2>' % entity.dc_title())
+        w(u'<h2>%s</h2>' % xml_escape(entity.dc_title()))
         w(u'</div>')
         w(u'<dl class="dl-horizontal">')
         for label, attribute in self.iterate_attributes(entity):
@@ -594,7 +595,7 @@
         w = self.w
         w(u'<div class="well">')
         w(u'<div class="page-header">')
-        w(u'<h2>%s</h2>' % entity.dc_title())
+        w(u'<h2>%s</h2>' % xml_escape(entity.dc_title()))
         w(u'</div>')
         w(u'<dl class="dl-horizontal">')
         for label, attribute in self.iterate_attributes(entity):