[MERGE] [FIX] html_sanitize: partial backport of trunk revision 5047 (opw 603452).

Unescape elements that have been wrongly escaped. Some elements (eg: 'href' tag in links) are sanitised in templates which prevents the execution of mako templates. bzr revid: mat@openerp.com-20140210152806-rl5h3twgq8dd203d
2014-02-10 16:28:06 +01:00 · 2014-02-10 16:28:06 +01:00 · 69f18925ff
parent 749e05ccb8 e328c0a40e
commit 69f18925ff
1 changed files with 9 additions and 0 deletions
--- a/openerp/tools/mail.py
+++ b/openerp/tools/mail.py
@ -68,6 +68,15 @@ def html_sanitize(src):
            return ""
        _logger.warning('html_sanitize failed to parse %s' % (src))
        cleaned = '<p>Impossible to parse</p>'
+
+    # MAKO compatibility: $, { and } inside quotes are escaped, preventing correct mako execution
+    cleaned = cleaned.replace('%24', '$')
+    cleaned = cleaned.replace('%7B', '{')
+    cleaned = cleaned.replace('%7D', '}')
+    cleaned = cleaned.replace('%20', ' ')
+    cleaned = cleaned.replace('%5B', '[')
+    cleaned = cleaned.replace('%5D', ']')
+
    return cleaned