[Zope-Checkins] SVN: Zope/branches/2.11/ - LP #491224: proper escaping of rendered error message
Andreas Jung
andreas at andreas-jung.com
Mon Jan 11 10:26:57 EST 2010
Log message for revision 108012:
- LP #491224: proper escaping of rendered error message
Changed:
U Zope/branches/2.11/doc/CHANGES.txt
U Zope/branches/2.11/lib/python/OFS/SimpleItem.py
-=-
Modified: Zope/branches/2.11/doc/CHANGES.txt
===================================================================
--- Zope/branches/2.11/doc/CHANGES.txt 2010-01-11 15:25:24 UTC (rev 108011)
+++ Zope/branches/2.11/doc/CHANGES.txt 2010-01-11 15:26:56 UTC (rev 108012)
@@ -8,6 +8,8 @@
Bugs Fixed
+ - LP #491224: proper escaping of rendered error message
+
- Also look for ZEXP imports within the clienthome directory. This
provides a place to put imports that won't be clobbered by buildout
in a buildout-based Zope instance.
Modified: Zope/branches/2.11/lib/python/OFS/SimpleItem.py
===================================================================
--- Zope/branches/2.11/lib/python/OFS/SimpleItem.py 2010-01-11 15:25:24 UTC (rev 108011)
+++ Zope/branches/2.11/lib/python/OFS/SimpleItem.py 2010-01-11 15:26:56 UTC (rev 108012)
@@ -36,6 +36,7 @@
from DocumentTemplate.ustr import ustr
from ExtensionClass import Base
from webdav.Resource import Resource
+from webdav.xmltools import escape as xml_escape
from zExceptions import Redirect
from zExceptions.ExceptionFormatter import format_exception
from zope.interface import implements
@@ -243,6 +244,7 @@
"event log for full details: %s)")%(
html_quote(sys.exc_info()[1]),
))
+ v = xml_escape(v)
raise error_type, v, tb
finally:
if hasattr(self, '_v_eek'): del self._v_eek
More information about the Zope-Checkins
mailing list