[FIX] tools: mail: when cleaning, unescape mako specific symbols.

Indeed those are escaped when contained inside an href or mailto element
of a tag, leading to mako not rendering the element.

bzr revid: tde@openerp.com-20140123125137-4u4i88f1ajybg5f2

diff --git a/openerp/tools/mail.py b/openerp/tools/mail.py
index a97e2aa..e0a9625 100644 (file)
--- a/openerp/tools/mail.py
+++ b/openerp/tools/mail.py
@@ -29,6 +29,7 @@ import re
 import socket
 import threading
 import time
+import xml
 from email.utils import getaddresses
 
 import openerp
@@ -95,6 +96,8 @@ def html_sanitize(src, silent=True, strict=False):
         # some corner cases make the parser crash (such as <SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT> in test_mail)
         cleaner = clean.Cleaner(**kwargs)
         cleaned = cleaner.clean_html(src)
+        # MAKO compatibility: $, { and } inside quotes are escaped, preventing correct mako execution
+        cleaned = xml.sax.saxutils.unescape(cleaned, {'%24': '$', '%7B': '{', '%7D': '}', '%20': ' '})
     except etree.ParserError, e:
         if 'empty' in str(e):
             return ""