[Zope3-checkins] SVN: zope.formlib/trunk/src/zope/formlib/form.py button label needs escaping, quotes too
Adam Groszer
agroszer at gmail.com
Mon Nov 16 11:51:38 EST 2009
Log message for revision 105728:
button label needs escaping, quotes too
Changed:
U zope.formlib/trunk/src/zope/formlib/form.py
-=-
Modified: zope.formlib/trunk/src/zope/formlib/form.py
===================================================================
--- zope.formlib/trunk/src/zope/formlib/form.py 2009-11-16 16:50:02 UTC (rev 105727)
+++ zope.formlib/trunk/src/zope/formlib/form.py 2009-11-16 16:51:38 UTC (rev 105728)
@@ -18,6 +18,7 @@
import re
import sys
import pytz
+from cgi import escape
import zope.event
import zope.i18n
@@ -626,7 +627,7 @@
label = zope.i18n.translate(self.label, context=self.form.request)
return ('<input type="submit" id="%s" name="%s" value="%s"'
' class="button" />' %
- (self.__name__, self.__name__, label)
+ (self.__name__, self.__name__, escape(label, quote=True))
)
class action:
More information about the Zope3-Checkins
mailing list