Collector 404: ALT attribute is now escaped properly

2ac2d73c · Andreas Jung · 7c4ba6e2 · 2ac2d73c
Commit 2ac2d73c authored May 28, 2002 by Andreas Jung
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

lib/python/OFS/Image.py lib/python/OFS/Image.py +3 -2

No files found.
--- a/lib/python/OFS/Image.py
+++ b/lib/python/OFS/Image.py
@@ -12,7 +12,7 @@
 ##############################################################################
 """Image object"""

-__version__='$Revision: 1.137 $'[11:-2]
+__version__='$Revision: 1.138 $'[11:-2]

 import Globals, struct
 from OFS.content_types import guess_content_type
@@ -31,6 +31,7 @@ from Cache import Cacheable
 from mimetools import choose_boundary
 from ZPublisher import HTTPRangeSupport
 from ZPublisher.HTTPRequest import FileUpload
+from cgi import escape

 StringType=type('')
 manage_addFileForm=DTMLFile('dtml/imageAdd', globals(),Kind='File',kind='file')
@@ -740,7 +741,7 @@ class Image(File):

        if alt is None:
            alt=getattr(self, 'title', '')
-        result = '%s alt="%s"' % (result, alt)
+        result = '%s alt="%s"' % (result, escape(alt, 1))

        if height:
            result = '%s height="%s"' % (result, height)