properly escape breadcrumb labels

2012-08-13 10:08:03 +02:00 · 2012-08-13 10:08:03 +02:00 · 1ed314d150
parent 507ca3da60
commit 1ed314d150
1 changed files with 3 additions and 1 deletions
--- a/wcs/qommon/template.ptl
+++ b/wcs/qommon/template.ptl
@ -30,7 +30,7 @@ except ImportError:
 from quixote import get_session, get_request, get_response, get_publisher
 from quixote.directory import Directory
 from quixote.util import StaticDirectory, StaticFile
-from quixote.html import htmltext
+from quixote.html import htmltext, htmlescape

 import errors
 import ezt
@ -405,6 +405,8 @@ def decorate(body, response):
                    s.append('<a href="%s">%s</a>' % (component, label))
                    continue
                if label is not None:
+                    if type(label) is str:
+                        label = htmlescape(label)
                    if total_len > 80 and len(label) > 10 and \
                            response.breadcrumb[-1] != (component, label):
                        s.append('<a href="%s%s" title="%s">%s</a>' % (