Escape text nodes changed via the web editor before sending the content
it to the server controller.
It is done since the content is unescaped one time when being displayed,
and it is not done for inline style and script tags (which may be
injected by dropping a snippet) since that would break them.
replacing the solution in cdb900044.
When saving a template in version 8.0, html would be saved as it should
be displayed once on the site. In particular, if some text should be
escaped once send to the browser, it will be saved as such.
But when rendering, a text node content is unescaped two times:
* for translation which seems wrong since we already use .text of a node
which already escaped it, doing it one more time is bad,
* when rendering the template, since the html template is stored in xml,
This commit remove superfluous unescaping for translation, and add an
escaping when saving the changed template content.
closes#7967
opw-646889
If they are this routes:
/partner/p-1
/partner/p-2
...
/partner/grade-1/p-1
/partner/grade-1/p-2
...
/partner/grade-2/p-1
/partner/grade-2/p-2
...
We want test only one time the routes:
/partner/p-1
/partner/grade-1/p-1
The old-api model._all_columns contains information about model._columns and
inherited columns. This dictionary is missing new-api computed non-stored
fields, and the new field objects provide a more readable api...
This commit contains the following changes:
- adapt several methods of BaseModel to use fields instead of columns and
_all_columns
- copy all semantic-free attributes of related fields from their source
- add attribute 'group_operator' on integer and float fields
- base, base_action_rule, crm, edi, hr, mail, mass_mailing, pad,
payment_acquirer, share, website, website_crm, website_mail: simply use
_fields instead of _all_columns
- base, decimal_precision, website: adapt qweb rendering methods to use fields
instead of columns
* move URLs of purely-JS-hook <a> to data-href so the crawler does not try to
access them (they're JSON-RPC endpoints...)
* replace side-effecting links (...) by styled buttons
* fix crawler to not take fragments in account when deduplicating and
navigating URLs
Didn't manage to find RTE settings to avoid losing leading whitespace of
lines, so reindeint arch after doing all integration, right before saving back
to view's field.
* html.fromstring(parser=HTMLParser(remove_blank_text=True) does not seem to
work, so serialize to XML, and parse back with
remove_blank_text. remove_blank_text necessary for lxml's pretty_print to
work correctly.
* pretty_print only & always uses 2 spaces/indent level. Our files (and the
HTML editor's Format button) uses 4 spaces -> need a second pass to double
indents.
bzr revid: xmo@openerp.com-20140227125934-q8j3z440px2ic6kx
* / fails to load, it turns out Tour is undefined because unlogged home does
not load bootstrap-tour
* after injecting bootstrap-tour, redirects to /login (to log in), tries to
inject tour again except this time ``openerp.website`` is completely empty
(although it is present on the page), no idea why.
removed test because whatever, if enable-test-fix-tour is ever rewritten and
fixed it may reappear.
bzr revid: xmo@openerp.com-20140219142115-5kpu5uvzpkwnt1ef
Move URLCase back out of the test module, otherwise loadTestFromModule
attempts to load it in the usual manner (~URLCase('runTest')). Which does not
work at all, because that's not what URLCase is for.
URLCase extends TestCase to benefit from the TestCase.run infrastructure
(running tests, filling result object, etc...)
bzr revid: xmo@openerp.com-20140217151535-alq7pq6qapski73x