From 80a56d38a7004ab21d2311cad03aa033b35d9b1f Mon Sep 17 00:00:00 2001
From: Fabien Morin <fabien@nexedi.com>
Date: Wed, 12 Mar 2008 09:25:01 +0000
Subject: [PATCH] - use html_quote() function to escape characters that can't
 be displayed in html - correct a mistake: replace &nbsp; with &amp; (thx to
 Jerome)

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@19809 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Form/ImageField.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/product/ERP5Form/ImageField.py b/product/ERP5Form/ImageField.py
index 0b3e8ee401..10c14c4161 100644
--- a/product/ERP5Form/ImageField.py
+++ b/product/ERP5Form/ImageField.py
@@ -29,6 +29,8 @@
 from Products.Formulator import Widget, Validator
 from Products.Formulator.Field import ZMIField
 from Products.Formulator.DummyField import fields
+from DocumentTemplate.DT_Util import html_quote
+
 
 class ImageFieldWidget(Widget.TextWidget):
     """ImageField widget.
@@ -74,13 +76,17 @@ class ImageFieldWidget(Widget.TextWidget):
         """
         # Url is already defined in value
         image = value
-        description = field.get_value('description') or \
-                      field.get_value('title')
+        alt = field.get_value('description') or \
+              field.get_value('title')
         display = field.get_value('image_display')
         format = field.get_value('image_format')
         resolution = field.get_value('image_resolution')
-        html_string = """<img src="%s?display=%s&nbsp;format=%s&nbsp;resolution=%s" alt="%s"/>""" % \
-            (image, display, format,resolution, description)
+        html_string = """<img src="%s?display=%s&amp;format=%s&amp;resolution=%s" alt="%s"/>""" % \
+            (html_quote(image), 
+             html_quote(display), 
+             html_quote(format), 
+             html_quote(resolution), 
+             html_quote(alt))
         return html_string
 
 ImageFieldWidgetInstance = ImageFieldWidget()
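Review bot: The query-string values `display`, `format` and `resolution` in the new `html_string` are HTML-escaped but never URL-encoded, so a value containing `&`, `#`, `=` or a space still changes the structure of the URL inside `src`. `html_quote()` only makes the result safe to sit in the double-quoted attribute; each parameter should be percent-encoded first, e.g. `html_quote(urllib.quote_plus(str(display)))` and likewise for the other two, which needs `import urllib` at the top of the file. Separately, `image` is joined with a hard-coded `?`, which would give a malformed URL if the value already carries a query string, and an unset option would presumably render as the literal text `None`. The enclosing render method starts above this hunk, so how `value` is produced and whether it is trusted is not visible here.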
-- 
2.30.9