backoffice: add proper HTML escaping in user pending forms sidebar (#22046)
This commit is contained in:
parent
72a24f121c
commit
1103b1d5f8
|
@ -2112,19 +2112,19 @@ class FormBackOfficeStatusPage(FormStatusPage):
|
|||
r += htmltext('<li class="self"><span class="formname">%s</span> '
|
||||
'(<span class="id">%s</span>), '
|
||||
'<span class="datetime">%s</span> '
|
||||
'<span class="status">(%s)</span>' % (
|
||||
'<span class="status">(%s)</span>') % (
|
||||
formdata.formdef.name,
|
||||
formdata.get_display_id(),
|
||||
submit_date, status_label))
|
||||
submit_date, status_label)
|
||||
else:
|
||||
r += htmltext('<li><a href="%s">%s</a> '
|
||||
'(<span class="id">%s</span>), '
|
||||
'<span class="datetime">%s</span> '
|
||||
'<span class="status">(%s)</span>' % (
|
||||
'<span class="status">(%s)</span>') % (
|
||||
formdata.get_url(backoffice=True),
|
||||
formdata.formdef.name,
|
||||
formdata.get_display_id(),
|
||||
submit_date, status_label))
|
||||
submit_date, status_label)
|
||||
r += htmltext('</ul>')
|
||||
r += htmltext('</div>')
|
||||
|
||||
|
|
Loading…
Reference in New Issue