Commit 80a56d38 authored by Fabien Morin's avatar Fabien Morin

- use html_quote() function to escape caractere can't be displayed in html

- correct a mistake : replace   with & (thx to Jerome)


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@19809 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 69cf02f1
...@@ -29,6 +29,8 @@ ...@@ -29,6 +29,8 @@
from Products.Formulator import Widget, Validator from Products.Formulator import Widget, Validator
from Products.Formulator.Field import ZMIField from Products.Formulator.Field import ZMIField
from Products.Formulator.DummyField import fields from Products.Formulator.DummyField import fields
from DocumentTemplate.DT_Util import html_quote
class ImageFieldWidget(Widget.TextWidget): class ImageFieldWidget(Widget.TextWidget):
"""ImageField widget. """ImageField widget.
...@@ -74,13 +76,17 @@ class ImageFieldWidget(Widget.TextWidget): ...@@ -74,13 +76,17 @@ class ImageFieldWidget(Widget.TextWidget):
""" """
# Url is already defined in value # Url is already defined in value
image = value image = value
description = field.get_value('description') or \ alt = field.get_value('description') or \
field.get_value('title') field.get_value('title')
display = field.get_value('image_display') display = field.get_value('image_display')
format = field.get_value('image_format') format = field.get_value('image_format')
resolution = field.get_value('image_resolution') resolution = field.get_value('image_resolution')
html_string = """<img src="%s?display=%s&nbsp;format=%s&nbsp;resolution=%s" alt="%s"/>""" % \ html_string = """<img src="%s?display=%s&amp;format=%s&amp;resolution=%s" alt="%s"/>""" % \
(image, display, format,resolution, description) (html_quote(image),
html_quote(display),
html_quote(format),
html_quote(resolution),
html_quote(alt))
return html_string return html_string
ImageFieldWidgetInstance = ImageFieldWidget() ImageFieldWidgetInstance = ImageFieldWidget()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment