changeset 8316:e5720094a00e

fix: double escaping of data-calurl prevents use. data-calurl escaped the '&'s replacing them with the entity code. Then the value was processed again by cgi_escape_attrs double escaping the value making it unusable if passed to help_window().
author John Rouillard <rouilj@ieee.org>
date Sun, 11 May 2025 20:02:31 -0400
parents 3f43db05aa11
children 4455cd036c25
files roundup/cgi/templating.py
diffstat 1 files changed, 1 insertions(+), 1 deletions(-)
--- a/roundup/cgi/templating.py	Sun May 11 18:51:57 2025 -0400
+++ b/roundup/cgi/templating.py	Sun May 11 20:02:31 2025 -0400
@@ -2438,7 +2438,7 @@
             date = ""
 
         data_attr = {
-            "data-calurl": '%s?@template=calendar&amp;property=%s&amp;form=%s%s' % (
+            "data-calurl": '%s?@template=calendar&property=%s&form=%s%s' % (
                 self._classname, self._name, form, date),
             "data-width": width,
             "data-height": height
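
Review bot: the "data-calurl" value now carries a raw '&' and depends on every entry of data_attr being escaped exactly once by cgi_escape_attrs further down, yet nothing in this change pins that behaviour. Add a regression test that renders this attribute and asserts the output contains `&amp;property=` and does not contain `&amp;amp;`, so a later change to either side of that contract is caught. Separately, self._classname, self._name, form and date are interpolated into the query string with plain `%s` and no URL quoting is visible in this hunk; if any of them can contain '&', '=' or '#', quote it before building the URL, since HTML attribute escaping alone does not keep such a value from altering the query parameters.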

Roundup Issue Tracker: http://roundup-tracker.org/