#175 HTML is being improperly escaped when saving to database

v2.0
open
5
2008-06-24
2008-06-24
No

Anywhere that is using self.middleKitObjectEval() (in lib/SitePage.py) to save to the database is improperly escaping HTML characters *before* they are written to the database. The escape() or quoted_escape() functions should only be used before data is presented in the browser. The data in the database should be left pristine.

To see what's happening, create (or edit) a customer that has a '&' in its description, for example. It will store &amp;amp; in the database.
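The effect reported above, reproduced as an added example (not code from this project): `sqlite3` and `html.escape` stand in for the MiddleKit store and the project's `escape()`, and the table and function names are hypothetical.

```python
import html
import sqlite3

SAMPLE = "Smith & Sons"  # constructed sample description


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, description TEXT)")
    return db


def save_escaped(db, cid, description):
    # Behaviour the ticket reports: HTML-escape *before* writing to the database.
    db.execute("INSERT OR REPLACE INTO customer VALUES (?, ?)",
               (cid, html.escape(description)))


def save_raw(db, cid, description):
    # Store the value untouched; parameter binding takes care of SQL quoting.
    db.execute("INSERT OR REPLACE INTO customer VALUES (?, ?)", (cid, description))


def load(db, cid):
    row = db.execute("SELECT description FROM customer WHERE id = ?", (cid,)).fetchone()
    return row[0]


def render(value):
    # Output-time escaping: the only place HTML encoding belongs.
    return "<td>%s</td>" % html.escape(value)


def count_matches(db, needle):
    # Exact-match lookup, as a search or a non-HTML consumer (CSV, e-mail) would do.
    return db.execute("SELECT COUNT(*) FROM customer WHERE description = ?",
                      (needle,)).fetchone()[0]


def demo(save):
    db = make_db()
    save(db, 1, SAMPLE)
    stored = load(db, 1)
    return {"stored": stored,
            "rendered": render(stored),
            "found": count_matches(db, SAMPLE)}


if __name__ == "__main__":
    print("escape on save :", demo(save_escaped))
    print("escape on output:", demo(save_raw))
```

With escape-on-save, any page that also escapes at output shows `&amp;amp;`, and a page that skips output escaping to compensate now depends on every write path having escaped correctly.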
