Log message for revision 108015:
- LP #491224: proper escaping of rendered error message
Changed:
U Zope/branches/2.9/doc/CHANGES.txt
U Zope/branches/2.9/lib/python/OFS/SimpleItem.py
-=-
Modified: Zope/branches/2.9/doc/CHANGES.txt
===================================================================
--- Zope/branches/2.9/doc/CHANGES.txt 2010-01-11 15:28:32 UTC (rev 108014)
+++ Zope/branches/2.9/doc/CHANGES.txt 2010-01-11 15:29:58 UTC (rev 108015)
@@ -4,6 +4,10 @@
Change information for previous versions of Zope can be found in the
file HISTORY.txt.
+ Zope 2.9.12 (unreleased)
+
+ - LP #491224: proper escaping of rendered error message
+
Zope 2.9.11 (2009/08/06)
Bugs fixed
Modified: Zope/branches/2.9/lib/python/OFS/SimpleItem.py
===================================================================
--- Zope/branches/2.9/lib/python/OFS/SimpleItem.py 2010-01-11 15:28:32 UTC
(rev 108014)
+++ Zope/branches/2.9/lib/python/OFS/SimpleItem.py 2010-01-11 15:29:58 UTC
(rev 108015)
@@ -33,6 +33,7 @@
from DocumentTemplate.ustr import ustr
from ExtensionClass import Base
from webdav.Resource import Resource
+from webdav.xmltools import escape as xml_escape
from zExceptions import Redirect
from zExceptions.ExceptionFormatter import format_exception
from zope.interface import implements
@@ -239,6 +240,7 @@
"event log for full details: %s)")%(
html_quote(sys.exc_info()[1]),
))
+ v = xml_escape(v)
raise error_type, v, tb
finally:
if hasattr(self, '_v_eek'): del self._v_eek
_______________________________________________
Zope-Checkins maillist - Zope-Checkins@zope.org
https://mail.zope.org/mailman/listinfo/zope-checkins
