[Zope-Checkins] CVS: Zope/lib/python/HelpSys - HelpSys.py:1.25

Tres Seaver tseaver at zope.com
Thu Jan 15 17:44:39 EST 2004


Update of /cvs-repository/Zope/lib/python/HelpSys
In directory cvs.zope.org:/tmp/cvs-serv19785/lib/python/HelpSys

Modified Files:
	HelpSys.py 
Log Message:


  - Merge CGI-escape templating changes from 2.6 / 2.7 audit work.


=== Zope/lib/python/HelpSys/HelpSys.py 1.24 => 1.25 ===
--- Zope/lib/python/HelpSys/HelpSys.py:1.24	Wed Aug 14 17:34:42 2002
+++ Zope/lib/python/HelpSys/HelpSys.py	Thu Jan 15 17:44:07 2004
@@ -17,6 +17,7 @@
 from Globals import Persistent, DTMLFile, HTML
 from Products.ZCatalog.ZCatalog import ZCatalog
 from Products.ZCatalog.Lazy import LazyCat
+from cgi import escape
 import Products
 import HelpTopic
 import Globals
@@ -103,14 +104,14 @@
             )
         help_url='%s?help_url=%s' % (self.absolute_url(), help_url)
 
-        script='window.open(\'%s\',\'zope_help\',\'width=600,' \
-                'height=500,menubar=yes,toolbar=yes,scrollbars=yes,' \
-                'resizable=yes\'); return false;' % help_url
+        script="window.open('%s','zope_help','width=600,height=500," \
+               "menubar=yes,toolbar=yes,scrollbars=yes,resizable=yes');" \
+               "return false;" % escape(help_url, 1).replace("'", "\\'")
 
         h_link='<a href="%s" onClick="%s" onMouseOver="window.status=' \
                '\'Open online help\'; return true;" onMouseOut="' \
                'window.status=\'\'; return true;">Help!</a>' % (
-               help_url, script
+               escape(help_url, 1), script
                )
 
         return h_link




More information about the Zope-Checkins mailing list