entrouvert/wcs
entrouvert
/
wcs
14
1
Fork 0
Code Issues Pull Requests 35 Releases Activity

backoffice: add proper HTML escaping in user pending forms sidebar (#22046)

This commit is contained in:
Frédéric Péters 2018-02-21 23:36:49 +01:00
parent 72a24f121c
commit 1103b1d5f8
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wcs/backoffice/management.py
View File

@ -2112,19 +2112,19 @@ class FormBackOfficeStatusPage(FormStatusPage):
r += htmltext('<li class="self"><span class="formname">%s</span> '
'(<span class="id">%s</span>), '
'<span class="datetime">%s</span> '
'<span class="status">(%s)</span>' % (
'<span class="status">(%s)</span>') % (
formdata.formdef.name,
formdata.get_display_id(),
submit_date, status_label))
submit_date, status_label)
else:
r += htmltext('<li><a href="%s">%s</a> '
'(<span class="id">%s</span>), '
'<span class="datetime">%s</span> '
'<span class="status">(%s)</span>' % (
'<span class="status">(%s)</span>') % (
formdata.get_url(backoffice=True),
formdata.formdef.name,
formdata.get_display_id(),
submit_date, status_label))
submit_date, status_label)
r += htmltext('</ul>')
r += htmltext('</div>')