- LP #491224: proper escaping of rendered error message

4be07990 · Andreas Jung · 8b76f6f2 · 4be07990 · 4be07990
Commit 4be07990 authored Jan 11, 2010 by Andreas Jung
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

doc/CHANGES.txt doc/CHANGES.txt +4 -0

lib/python/OFS/SimpleItem.py lib/python/OFS/SimpleItem.py +2 -0

No files found.
--- a/doc/CHANGES.txt
+++ b/doc/CHANGES.txt
@@ -4,6 +4,10 @@ Zope Changes
  Change information for previous versions of Zope can be found in the
  file HISTORY.txt.
+  Zope 2.8.12 (unreleased)
+  - LP #491224: proper escaping of rendered error message
  Zope 2.8.11 (2009/08/06)
    Bugs fixed

--- a/lib/python/OFS/SimpleItem.py
+++ b/lib/python/OFS/SimpleItem.py
@@ -25,6 +25,7 @@ import marshal, re, sys, time
 import Globals, App.Management, Acquisition, App.Undo
 import AccessControl.Role, AccessControl.Owned, App.Common
 from webdav.Resource import Resource
+from webdav.xmltools import escape as xml_escape
 from ExtensionClass import Base
 from ComputedAttribute import ComputedAttribute
 from AccessControl import getSecurityManager, Unauthorized
@@ -227,6 +228,7 @@ class Item(Base, Resource, CopySource, App.Management.Tabs, Traversable,
                     "event log for full details: %s)")%(
                    html_quote(sys.exc_info()[1]),
                    ))
+            v = xml_escape(v)
            raise error_type, v, tb
        finally:
            if hasattr(self, '_v_eek'): del self._v_eek