Escape html read-only values
parent
a34dd656be
commit
5efc493542
@ -8,6 +8,7 @@
|
||||
|
||||
v 1.3 (python3)
|
||||
"""
|
||||
import html
|
||||
|
||||
|
||||
def TrivialFormulator(
|
||||
@ -722,7 +723,9 @@ var {field}_as = new bsn.AutoSuggest('{field}', {field}_opts);
|
||||
if str(descr["allowed_values"][i]) == str(self.values[field]):
|
||||
R.append('<span class="tf-ro-value">%s</span>' % labels[i])
|
||||
elif input_type == "textarea":
|
||||
R.append('<div class="tf-ro-textarea">%s</div>' % self.values[field])
|
||||
R.append(
|
||||
'<div class="tf-ro-textarea">%s</div>' % html.escape(self.values[field])
|
||||
)
|
||||
elif input_type == "separator" or input_type == "hidden":
|
||||
pass
|
||||
elif input_type == "file":
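Review bot: In the read-only textarea branch, `html.escape(self.values[field])` raises AttributeError when the stored value is not a str (for example None or an int), whereas the old `%s` formatting accepted any type. Wrapping the value keeps the previous behaviour while still escaping: `'<div class="tf-ro-textarea">%s</div>' % html.escape(str(self.values[field]))`. The branch just above still interpolates `labels[i]` unescaped into `<span class="tf-ro-value">`. Whether labels can carry user-influenced text is not visible here, but if they can, that line needs the same `html.escape(str(...))` treatment. The enclosing method starts and ends outside the hunk, so the other read-only branches are worth checking for the same raw `%s` interpolation.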
|
||||
|