Commit ccd0b4ee authored by Arnaud Fontaine's avatar Arnaud Fontaine

erp5_web: Use Zope html_quote() rather than ad-hoc fonction to convert HTML entities.

parent b5d5d9b9
Pipeline #36441 failed with stage
in 0 seconds
...@@ -15,6 +15,7 @@ TODO: export same components into one mhtml attachment if possible. ...@@ -15,6 +15,7 @@ TODO: export same components into one mhtml attachment if possible.
# ERP5 web uses format= argument, which is also a python builtin # ERP5 web uses format= argument, which is also a python builtin
# pylint: disable=redefined-builtin # pylint: disable=redefined-builtin
from Products.PythonScripts.standard import html_quote
from zExceptions import Unauthorized from zExceptions import Unauthorized
from base64 import b64encode, b64decode from base64 import b64encode, b64decode
portal = context.getPortalObject() portal = context.getPortalObject()
...@@ -75,7 +76,7 @@ def strHtmlPart(part): ...@@ -75,7 +76,7 @@ def strHtmlPart(part):
part_type = part[0] part_type = part[0]
if part_type in ("starttag", "startendtag"): if part_type in ("starttag", "startendtag"):
tag, attrs = handleHtmlTag(part[1], part[2]) tag, attrs = handleHtmlTag(part[1], part[2])
attrs_str = " ".join(["%s=\"%s\"" % (escapeHtml(k), escapeHtml(v or "")) for k, v in attrs]) attrs_str = " ".join(["%s=\"%s\"" % (html_quote(k), html_quote(v or "")) for k, v in attrs])
return "<%s%s%s>" % (tag, " " + attrs_str if attrs_str else "", " /" if part_type == "startendtag" else "") return "<%s%s%s>" % (tag, " " + attrs_str if attrs_str else "", " /" if part_type == "startendtag" else "")
if part_type == "endtag": if part_type == "endtag":
return "</%s>" % part[1] return "</%s>" % part[1]
...@@ -347,9 +348,6 @@ def parseUrlSearch(search): ...@@ -347,9 +348,6 @@ def parseUrlSearch(search):
def parseHtml(text): def parseHtml(text):
return context.Base_parseHtml(text) return context.Base_parseHtml(text)
def escapeHtml(text):
return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;")
def anny(iterable, key=None): def anny(iterable, key=None):
for i in iterable: for i in iterable:
if key: if key:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment