[Zope-Checkins] SVN: Zope/trunk/ - LP #491224: proper escaping of rendered error message

Mon Jan 11 10:24:35 EST 2010

Log message for revision 108010:
  - LP #491224: proper escaping of rendered error message
  

Changed:
  U   Zope/trunk/doc/CHANGES.rst
  U   Zope/trunk/src/OFS/SimpleItem.py

-=-
Modified: Zope/trunk/doc/CHANGES.rst
===================================================================

--- Zope/trunk/doc/CHANGES.rst	2010-01-11 12:28:11 UTC (rev 108009)
+++ Zope/trunk/doc/CHANGES.rst	2010-01-11 15:24:35 UTC (rev 108010)
@@ -126,6 +126,8 @@
 Bugs Fixed
 ++++++++++
 
+- LP #491224: proper escaping of rendered error message
+
 - LP #246983: Enabled unicode conflict resolution on variables inside "string:"
   expressions in TALES.
 

Modified: Zope/trunk/src/OFS/SimpleItem.py
===================================================================
--- Zope/trunk/src/OFS/SimpleItem.py	2010-01-11 12:28:11 UTC (rev 108009)
+++ Zope/trunk/src/OFS/SimpleItem.py	2010-01-11 15:24:35 UTC (rev 108010)
@@ -50,6 +50,7 @@
 from ExtensionClass import Base
 from Persistence import Persistent
 from webdav.Resource import Resource
+from webdav.xmltools import escape as xml_escape
 from zExceptions import Redirect
 from zExceptions import upgradeException
 from zExceptions.ExceptionFormatter import format_exception
@@ -310,6 +311,7 @@
                 # return the rendered exception and let the
                 # ZPublisher Exception Hook deal with it.
                 return error_type, v, tb
+            v = xml_escape(v)
             raise error_type, v, tb
         finally:
             if hasattr(self, '_v_eek'): del self._v_eek

