From 80a56d38a7004ab21d2311cad03aa033b35d9b1f Mon Sep 17 00:00:00 2001
From: Fabien Morin <fabien@nexedi.com>
Date: Wed, 12 Mar 2008 09:25:01 +0000
Subject: [PATCH] - use html_quote() function to escape caractere can't be displayed in html - correct a mistake : replace with & (thx to Jerome)
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@19809 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Form/ImageField.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/product/ERP5Form/ImageField.py b/product/ERP5Form/ImageField.py
index 0b3e8ee401..10c14c4161 100644
--- a/product/ERP5Form/ImageField.py
+++ b/product/ERP5Form/ImageField.py
@@ -29,6 +29,8 @@
 from Products.Formulator import Widget, Validator
 from Products.Formulator.Field import ZMIField
 from Products.Formulator.DummyField import fields
+from DocumentTemplate.DT_Util import html_quote
+
 class ImageFieldWidget(Widget.TextWidget):
 """ImageField widget.
@@ -74,13 +76,17 @@ class ImageFieldWidget(Widget.TextWidget):
 """
 # Url is already defined in value
 image = value
- description = field.get_value('description') or \
- field.get_value('title')
+ alt = field.get_value('description') or \
+ field.get_value('title')
 display = field.get_value('image_display')
 format = field.get_value('image_format')
 resolution = field.get_value('image_resolution')
- html_string = """<img src="%s?display=%s format=%s resolution=%s" alt="%s"/>""" % \
- (image, display, format,resolution, description)
+ html_string = """<img src="%s?display=%s&format=%s&resolution=%s" alt="%s"/>""" % \
+ (html_quote(image),
+ html_quote(display),
+ html_quote(format),
+ html_quote(resolution),
+ html_quote(alt))
 return html_string
 ImageFieldWidgetInstance = ImageFieldWidget()
--
2.30.9
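Review bot: The query-string values in the new `html_string` are only HTML-escaped, not URL-encoded, so a `display`, `format` or `resolution` value containing `&`, `#`, `=` or a space would still change the shape of the request URL even though it can no longer break out of the `src` attribute. HTML-escaping and URL-encoding are separate layers; I would build the query with `urlencode` (from `urllib`, assuming the Python 2 this module appears to target) and escape the finished URL once: `query = urlencode([('display', display), ('format', format), ('resolution', resolution)])` followed by `src = html_quote('%s?%s' % (image, query))`. `image` comes straight from `value` and is not checked for an existing `?` or for its URL scheme; whether that matters depends on who controls the field value, which is not visible here. The enclosing method starts outside the hunk.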