# HG changeset patch
# User souliane <souliane@mailoo.org>
# Date 1393164042 -3600
# Node ID 97c5a9092bee90f3bc25aee100270d79fb675c5e
# Parent  764c32ecb754e0d29236c977248d98fda727cda0
browser_side: escape the microblog titles when they are displayed

diff -r 764c32ecb754 -r 97c5a9092bee browser_side/richtext.py
--- a/browser_side/richtext.py	Sat Feb 22 08:25:42 2014 +0100
+++ b/browser_side/richtext.py	Sun Feb 23 15:00:42 2014 +0100
@@ -33,6 +33,7 @@
 from dialog import ConfirmDialog, InfoDialog
 from base_panels import TitlePanel, BaseTextEditor, LightTextEditor
 from list_manager import ListManager
+from tools import html_sanitize
 import panels
 
 from sat_frontends.tools import composition
@@ -313,7 +314,7 @@
                 # set the display text in XHTML only during init because a new MicroblogEntry instance is created after each modification
                 text = content['text']
                 if 'title' in content and content['title']:
-                    text = '<h1>%s</h1>%s' % (content['title'], content['text'])
+                    text = '<h1>%s</h1>%s' % (html_sanitize(content['title']), content['text'])
                 self.display.setContent({'text': text})
             self.display.edit(False)