- LP #491224: proper escaping of rendered error message

70748a88 · Andreas Jung · 62a61f15 · 70748a88 · 70748a88
Commit 70748a88 authored Jan 11, 2010 by Andreas Jung
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

doc/CHANGES.rst doc/CHANGES.rst +2 -0

src/OFS/SimpleItem.py src/OFS/SimpleItem.py +2 -0

No files found.
--- a/doc/CHANGES.rst
+++ b/doc/CHANGES.rst
@@ -126,6 +126,8 @@ Features Added
 Bugs Fixed
 ++++++++++

+- LP #491224: proper escaping of rendered error message
+
 - LP #246983: Enabled unicode conflict resolution on variables inside "string:"
  expressions in TALES.


--- a/src/OFS/SimpleItem.py
+++ b/src/OFS/SimpleItem.py
@@ -50,6 +50,7 @@ from DocumentTemplate.ustr import ustr
 from ExtensionClass import Base
 from Persistence import Persistent
 from webdav.Resource import Resource
+from webdav.xmltools import escape as xml_escape
 from zExceptions import Redirect
 from zExceptions import upgradeException
 from zExceptions.ExceptionFormatter import format_exception
@@ -310,6 +311,7 @@ class Item(Base,
                # return the rendered exception and let the
                # ZPublisher Exception Hook deal with it.
                return error_type, v, tb
+            v = xml_escape(v)
            raise error_type, v, tb
        finally:
            if hasattr(self, '_v_eek'): del self._v_eek