[Zope3-checkins] SVN: zope.formlib/branches/adamg-3.4.1/src/zope/formlib/form.py button label needs escaping
Adam Groszer
agroszer at gmail.com
Mon Nov 16 11:32:45 EST 2009
Log message for revision 105724:
button label needs escaping
Changed:
U zope.formlib/branches/adamg-3.4.1/src/zope/formlib/form.py
-=-
Modified: zope.formlib/branches/adamg-3.4.1/src/zope/formlib/form.py
===================================================================
--- zope.formlib/branches/adamg-3.4.1/src/zope/formlib/form.py 2009-11-16 16:31:48 UTC (rev 105723)
+++ zope.formlib/branches/adamg-3.4.1/src/zope/formlib/form.py 2009-11-16 16:32:45 UTC (rev 105724)
@@ -18,6 +18,7 @@
import re
import sys
import pytz
+from cgi import escape
import zope.event
import zope.i18n
@@ -618,7 +619,7 @@
label = zope.i18n.translate(self.label, context=self.form.request)
return ('<input type="submit" id="%s" name="%s" value="%s"'
' class="button" />' %
- (self.__name__, self.__name__, label)
+ (self.__name__, self.__name__, escape(label))
)
class action:
More information about the Zope3-Checkins
mailing list