Commit 9e61edf0 authored by Julien Muchembled

safe_html: reescape entities, otherwise scrubHTML produces invalid HTML

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@41727 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent b255c894
......@@ -219,7 +219,7 @@ class StrippingParser(HTMLParser):
self.original_charset = match.group('charset')
v = charset_parser.sub(
CharsetReplacer(self.default_encoding), v)
self.result.append(' %s="%s"' % (k, v))
self.result.append(' %s="%s"' % (k, escape(v, True)))
#UNUSED endTag = '</%s>' % tag
if safeToInt(self.valid.get(tag)):
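Review bot: on the changed `self.result.append` line, `escape(v, True)` only protects the double-quoted attribute if the imported `escape` treats its second positional argument as a quote flag (as `cgi.escape` does). The import is not visible in this hunk, so please confirm which helper it is: with one that leaves `"` alone, a quote in `v` would still terminate the attribute. The attribute name `k` is interpolated unescaped on the same line, which deserves a short comment if it is validated earlier. A regression test that feeds an attribute value containing `&`, `<` and `"` through the parser would pin the behaviour the commit message describes.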
......